5 matches found
CVE-2021-45791
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...
Sql injection
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAXlookuphandler.php tableName and tableFields parameters, admin/AJAXcheckid.php, and admin/AJAXvocabolarycontrol.php. It can be exploited by remote authenticated librarian users...
CVE-2017-12585
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAXlookuphandler.php tableName and tableFields parameters, admin/AJAXcheckid.php, and admin/AJAXvocabolarycontrol.php. It can be exploited by remote authenticated librarian users...
CVE-2017-12585
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAXlookuphandler.php tableName and tableFields parameters, admin/AJAXcheckid.php, and admin/AJAXvocabolarycontrol.php. It can be exploited by remote authenticated librarian users...
CVE-2017-12586
The CVE-2017-12586 issue affects SLiMS 8 Akasia up to version 8.3.1. Affected component: admin/help.php URL parameter handling, where a directory traversal flaw allows arbitrary file reading. It can be exploited by remote authenticated librarian users. The connected sources confirm the vulnerabil...