CVE-2017-12585

2017-08-05T23:29:00
ID CVE-2017-12585
Type cve
Reporter NVD
Modified 2017-08-14T07:15:54

Description

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.