Filtered by vendor Slims Subscriptions
Filtered by product Akasia Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-12586 1 Slims 1 Akasia 2024-11-21 N/A
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
CVE-2017-12585 1 Slims 1 Akasia 2024-11-21 N/A
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.