Filtered by vendor Slims
Total 21 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-48893 1 Slims 1 Senayan Library Management System Bulian 2024-11-21 8.8 High
SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.
CVE-2023-48813 1 Slims 1 Senayan Library Management System Bulian 2024-11-21 8.8 High
Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.
CVE-2023-45996 1 Slims 2 Senayan Library Management System, Senayan Library Management System Bulian 2024-11-21 8.8 High
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in member_type.php.
CVE-2023-40970 1 Slims 1 Senayan Library Management System 2024-11-21 8.8 High
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.
CVE-2023-40969 1 Slims 1 Senayan Library Management System 2024-11-21 6.1 Medium
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.
CVE-2023-3744 1 Slims 1 Senayan Library Management System 2024-11-21 9.9 Critical
Server-Side Request Forgery vulnerability in SLiMS version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.
CVE-2023-29850 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip EXIF data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.
CVE-2022-45019 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
CVE-2022-43362 1 Slims 1 Senayan Library Management System 2024-11-21 7.2 High
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.
CVE-2022-43361 1 Slims 1 Senayan Library Management System 2024-11-21 4.8 Medium
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.
CVE-2022-38292 1 Slims 1 Senayan Library Management System 2024-11-21 9.8 Critical
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.
CVE-2022-38291 1 Slims 1 Senayan Library Management System 2024-11-21 6.1 Medium
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.
CVE-2021-45794 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
CVE-2021-45793 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVE-2021-45792 1 Slims 1 Senayan Library Management System 2024-11-21 4.8 Medium
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
CVE-2021-45791 1 Slims 1 Senayan Library Management System 2024-11-21 8.8 High
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
CVE-2017-7242 1 Slims 1 Slims7 Cendana 2024-11-21 N/A
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php, and the quickReturnID field to circulation/ajax_action.php.
CVE-2017-7202 1 Slims 1 Slims7 Cendana 2024-11-21 N/A
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-12586 1 Slims 1 Akasia 2024-11-21 N/A
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
CVE-2017-12585 1 Slims 1 Akasia 2024-11-21 N/A
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.