Filtered by vendor Slims
Subscriptions
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12584 | 1 Slims | 1 Senayan Library Management System | 2024-09-17 | 8.8 High |
| There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. | ||||
| CVE-2017-12586 | 1 Slims | 1 Akasia | 2024-09-17 | N/A |
| SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | ||||
| CVE-2017-12585 | 1 Slims | 1 Akasia | 2024-09-16 | N/A |
| SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users. | ||||
| CVE-2023-45996 | 1 Slims | 2 Senayan Library Management System, Senayan Library Management System Bulian | 2024-09-05 | 8.8 High |
| SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | ||||
| CVE-2017-7242 | 1 Slims | 1 Slims7 Cendana | 2024-08-05 | N/A |
| Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | ||||
| CVE-2017-7202 | 1 Slims | 1 Slims7 Cendana | 2024-08-05 | N/A |
| Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2024-08-04 | 8.8 High |
| Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | ||||
| CVE-2021-45794 | 1 Slims | 1 Senayan Library Management System | 2024-08-04 | 7.5 High |
| Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | ||||
| CVE-2021-45792 | 1 Slims | 1 Senayan Library Management System | 2024-08-04 | 4.8 Medium |
| Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | ||||
| CVE-2021-45793 | 1 Slims | 1 Senayan Library Management System | 2024-08-04 | 7.5 High |
| Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | ||||
| CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2024-08-03 | 7.5 High |
| SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | ||||
| CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2024-08-03 | 4.8 Medium |
| Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | ||||
| CVE-2022-43362 | 1 Slims | 1 Senayan Library Management System | 2024-08-03 | 7.2 High |
| Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | ||||
| CVE-2022-38291 | 1 Slims | 1 Senayan Library Management System | 2024-08-03 | 6.1 Medium |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | ||||
| CVE-2022-38292 | 1 Slims | 1 Senayan Library Management System | 2024-08-03 | 9.8 Critical |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | ||||
| CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-08-02 | 8.8 High |
| SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | ||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-08-02 | 8.8 High |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | ||||
| CVE-2023-40969 | 1 Slims | 1 Senayan Library Management System | 2024-08-02 | 6.1 Medium |
| Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | ||||
| CVE-2023-40970 | 1 Slims | 1 Senayan Library Management System | 2024-08-02 | 8.8 High |
| Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | ||||
| CVE-2023-29850 | 1 Slims | 1 Senayan Library Management System | 2024-08-02 | 7.5 High |
| SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | ||||