| Title | GitHub WMS (Warehouse Management System) V1.0 SQL Injection |
|---|
| Description | It has been confirmed that the WMS open-source enterprise warehouse management system suffers from a high-risk SQL injection vulnerability. This vulnerability arises from the system's failure to effectively filter user inputs, enabling attackers to insert malicious code into database queries. Successful exploitation of this vulnerability can bypass authentication, illegally read, tamper with, or delete sensitive information in the database, including user credentials, inventory, and business data, posing a serious threat to the confidentiality and integrity of the system. It is recommended that project maintainers immediately adopt secure coding methods such as parameterized queries for remediation and upgrade affected versions. Users should promptly pay attention to official patch updates. |
|---|
| Source | ⚠️ https://github.com/wangchaoxing/CVE/issues/1 |
|---|
| User | wangchaoxing (UID 94129) |
|---|
| Submission | 01/04/2026 09:02 (5 months ago) |
|---|
| Moderation | 01/16/2026 20:04 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341628 [FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa /src/chkuser.php Username sql injection] |
|---|
| Points | 20 |
|---|