I, Librarian Security Vulnerabilities

CVE-2024-1830

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched.....

CVE-2024-1830

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched.....

Sql injection

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched.....

CVE-2024-1830 code-projects Library System lost-password.php sql injection

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched.....

CVE-2024-1827

A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.....

CVE-2024-1829

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql...

CVE-2024-1829

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql...

CVE-2024-1827

A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.....

CVE-2024-1828

A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch....

CVE-2024-1828

A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch....

Sql injection

A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.....

Sql injection

A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch....

Sql injection

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql...

CVE-2024-1829 code-projects Library System registration.php sql injection

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql...

CVE-2024-1828 code-projects Library System registration.php sql injection

A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch....

CVE-2024-1827 code-projects Library System login.php sql injection

A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.....

CVE-2024-1826

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated...

CVE-2024-1826

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated...

Sql injection

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated...

CVE-2024-1826 code-projects Library System login.php sql injection

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated...

CVE-2023-3020

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3020

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3021

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3020

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3021

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3021

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to...

Cross site scripting

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to...

Cross site scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3020 Cross-site Scripting (XSS) - Reflected in mkucej/i-librarian-free

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to...

CVE-2023-3021 Cross-site Scripting (XSS) - Stored in mkucej/i-librarian-free

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to...

CVE-2022-47854

i-librarian 4.10 is vulnerable to Arbitrary file upload in...

CVE-2022-47854

i-librarian 4.10 is vulnerable to Arbitrary file upload in...

CVE-2022-47854

i-librarian 4.10 is vulnerable to Arbitrary file upload in...

Design/Logic Flaw

i-librarian 4.10 is vulnerable to Arbitrary file upload in...

CVE-2022-47854

i-librarian 4.10 is vulnerable to Arbitrary file upload in...

Senayan Library Management System 9.4.0 Cross Site Scripting

...

Senayan Library Management System 9.4.0 Cross Site Scripting Vulnerability

...

CVE-2017-12586

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian...

CVE-2017-12585

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian...

CVE-2017-12585

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian...

CVE-2017-12586

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian...

CVE-2017-1000235

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully...

CVE-2017-1000235

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully...

CVE-2017-1000236

I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated...

CVE-2017-1000237

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's...

CVE-2017-1000236

I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated...

CVE-2017-1000237

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's...

CVE-2017-1000234

I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir"...

CVE-2017-1000234

I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir"...

CVE-2018-1000137

I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's...