Lucene search
K
SlimsSenayan Library Management System

17 matches found

CVE
CVE
added 2024/02/21 12:0 a.m.4251 views

CVE-2024-25288

SLiMS 9 Bulian v9.6.1 is vulnerable to SQL Injection in the pop-scope-vocabolary.php script. Root cause: unsafe SQL construction in that file. Impact: confidentiality of data could be exposed (C:H) with network exposure (AV:N, UI:N; PR:H). No exploit status or patch details are provided in the co...

4.9CVSS8AI score0.00549EPSS
CVE
CVE
added 2022/03/17 11:12 a.m.164 views

CVE-2021-45793

CVE-2021-45793 (Slims9 Bulian 9.4.2) is due to a SQL injection in lib/comment.inc.php. The NVD/Nuclei entries describe an SQLi that can lead to retrieving user data from the database; the Circl/RedHat entries corroborate affected software. The referenced exploit path is via the comment field, ena...

7.5CVSS7.9AI score0.04637EPSS
CVE
CVE
added 2022/03/17 10:55 a.m.103 views

CVE-2021-45792

Slims9 Bulian 9.4.2 is affected by a Cross-Site Scripting (XSS) vulnerability in /admin/modules/system/custom_field.php. The root cause is a lack of filtering and escaping of user-submitted parameters. No exploitation details or patch/version fixes are provided in the connected documents; remedia...

4.8CVSS4.9AI score0.00486EPSS
CVE
CVE
added 2022/03/17 10:35 a.m.94 views

CVE-2021-45791

CVE-2021-45791 affects Slims8 Akasia 8.3.1. A SQL injection exists in multiple admin modules (bibliography, member_type, user_group, membership index) via the dir parameter, due to insufficient input escaping/validation. Exploitation is described as feasible by remotely authenticated librarian us...

8.8CVSS9AI score0.00954EPSS
Web
CVE
CVE
added 2022/03/17 11:16 a.m.87 views

CVE-2021-45794

The CVE-2021-45794 entry concerns Slims9 Bulian version 9.4.2, where a SQL injection vulnerability exists in /admin/modules/system/backup.php. The underlying issue allows an attacker to obtain user data, indicating a confidentiality impact without integrity/availability changes per the cited metr...

7.5CVSS7.9AI score0.01043EPSS
CVE
CVE
added 2025/02/24 12:0 a.m.85 views

CVE-2025-26200

The CVE-2025-26200 entry describes a SQL injection in SLIMS v9.6.1, exploitable remotely to escalate privileges via the month parameter in the visitor_report_day.php component. The affected software is SLIMS (Senayan Library Management System) 9.6.1; the vulnerability stems from improper handling...

7.2CVSS8.2AI score0.005EPSS
CVE
CVE
added 2022/09/12 8:30 p.m.68 views

CVE-2022-38291

CVE-2022-38291 affects SLiMS Senayan Library Management System v9.4.2. The issue is a cross-site scripting (XSS) vulnerability in the Search function, allowing an attacker to inject a crafted payload via the Search bar to execute arbitrary client-side scripts/HTML. Root cause: insufficient input ...

6.1CVSS5.9AI score0.00424EPSS
CVE
CVE
added 2022/09/12 8:30 p.m.68 views

CVE-2022-38292

CVE-2022-38292 affects SLiMS Senayan Library Management System v9.4.2. It involves multiple Server-Side Request Forgeries targeting the components /bibliography/marcsru.php and /bibliography/z3950sru.php . The root cause is SSRF in these endpoints, enabling potential unauthorized requests from th...

9.8CVSS9.5AI score0.00772EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.57 views

CVE-2022-45019

CVE-2022-45019 affects SLiMS 9 Bulian v9.5.0, with a SQL injection vulnerability exploitable via the keywords parameter. Public records (NVD/Red Hat/OSV, etc.) consistently describe the flaw as a SQL injection leading to Confidentiality impact (high) and no reported impacts to integrity/availabil...

7.5CVSS7.8AI score0.00751EPSS
CVE
CVE
added 2023/10/02 1:50 p.m.56 views

CVE-2023-3744

CVE-2023-3744 is a Server-Side Request Forgery in SLims 9.6.0. An authenticated attacker can send requests to internal services or upload files via the imageURL parameter in the scrape_image.php endpoint, enabling potential access to internal resources. Public details consistently describe SSRF i...

9.9CVSS9.1AI score0.00459EPSS
CVE
CVE
added 2017/08/06 3:0 a.m.55 views

CVE-2017-12584

Summary: CVE-2017-12584 affects SLiMS 8 Akasia (8.3.1 and earlier). The vulnerability stems from no CSRF mitigation and a flaw in admin/modules/system/app_user.php that allows changing a user’s password and profile via passwd1/passwd2 during a changecurrent=true operation without requiring the cu...

8.8CVSS8.6AI score0.0093EPSS
Web
CVE
CVE
added 2022/11/01 12:0 a.m.54 views

CVE-2022-43362

Senayan Library Management System v9.4.2 contains a SQL injection vulnerability in the loan_by_class.php endpoint via the collType parameter. Public details identify the affected software and vulnerable component, with CVSS v3.1 impact metrics indicating High severity (7.2) and a NETWORK attack v...

7.2CVSS7.2AI score0.00716EPSS
CVE
CVE
added 2022/11/01 12:0 a.m.52 views

CVE-2022-43361

CVE-2022-43361 affects Senayan Library Management System v9.4.2. The vulnerability is a cross-site scripting (XSS) flaw exposed via the component pop_chart.php . Documentation notes the issue but provides no explicit root cause details beyond the XSS label; no public patch/version is specified in...

4.8CVSS4.9AI score0.00392EPSS
CVE
CVE
added 2023/09/01 12:0 a.m.52 views

CVE-2023-40970

CVE-2023-40970 affects Senayan Library Management Systems SLIMS 9 Bulian v9.6.1. The vulnerability is a SQL Injection in the endpoint admin/modules/circulation/loan_rules.php caused by unsanitized input. Documented impact is high (CVSS v3.1: 8.8; Confidentiality/Integrity/Availability all HIGH). ...

8.8CVSS9AI score0.00616EPSS
CVE
CVE
added 2023/09/01 12:0 a.m.44 views

CVE-2023-40969

CVE-2023-40969 - SSRF in SLIMS 9 Bulian 9.6.1 : Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server-Side Request Forgery via admin/modules/bibliography/pop_p2p.php. Public docs consistently identify the affected component as the endpoint pop_p2p.php under the bibliogr...

6.1CVSS6.2AI score0.00341EPSS
CVE
CVE
added 2023/04/14 12:0 a.m.43 views

CVE-2023-29850

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 is affected: it does not strip EXIF data from uploaded images, allowing disclosure of information such as geolocation and device data. The underlying root cause is the failure to strip metadata in image uploads. Current connected documents d...

7.5CVSS7.3AI score0.00747EPSS
CVE
CVE
added 2023/10/31 12:0 a.m.41 views

CVE-2023-45996

CVE-2023-45996 affects Senayan Library Management Systems Slims v9 and Bulian v9.6.1. A SQL injection occurs via a crafted script to the reborrowLimit parameter in member_type.php, enabling a remote attacker to obtain sensitive information and potentially execute arbitrary code. Supported details...

8.8CVSS8.7AI score0.01076EPSS