17 matches found
CVE-2024-25288
SLiMS 9 Bulian v9.6.1 is vulnerable to SQL Injection in the pop-scope-vocabolary.php script. Root cause: unsafe SQL construction in that file. Impact: confidentiality of data could be exposed (C:H) with network exposure (AV:N, UI:N; PR:H). No exploit status or patch details are provided in the co...
CVE-2021-45793
CVE-2021-45793 (Slims9 Bulian 9.4.2) is due to a SQL injection in lib/comment.inc.php. The NVD/Nuclei entries describe an SQLi that can lead to retrieving user data from the database; the Circl/RedHat entries corroborate affected software. The referenced exploit path is via the comment field, ena...
CVE-2021-45792
Slims9 Bulian 9.4.2 is affected by a Cross-Site Scripting (XSS) vulnerability in /admin/modules/system/custom_field.php. The root cause is a lack of filtering and escaping of user-submitted parameters. No exploitation details or patch/version fixes are provided in the connected documents; remedia...
CVE-2021-45791
CVE-2021-45791 affects Slims8 Akasia 8.3.1. A SQL injection exists in multiple admin modules (bibliography, member_type, user_group, membership index) via the dir parameter, due to insufficient input escaping/validation. Exploitation is described as feasible by remotely authenticated librarian us...
CVE-2021-45794
The CVE-2021-45794 entry concerns Slims9 Bulian version 9.4.2, where a SQL injection vulnerability exists in /admin/modules/system/backup.php. The underlying issue allows an attacker to obtain user data, indicating a confidentiality impact without integrity/availability changes per the cited metr...
CVE-2025-26200
The CVE-2025-26200 entry describes a SQL injection in SLIMS v9.6.1, exploitable remotely to escalate privileges via the month parameter in the visitor_report_day.php component. The affected software is SLIMS (Senayan Library Management System) 9.6.1; the vulnerability stems from improper handling...
CVE-2022-38291
CVE-2022-38291 affects SLiMS Senayan Library Management System v9.4.2. The issue is a cross-site scripting (XSS) vulnerability in the Search function, allowing an attacker to inject a crafted payload via the Search bar to execute arbitrary client-side scripts/HTML. Root cause: insufficient input ...
CVE-2022-38292
CVE-2022-38292 affects SLiMS Senayan Library Management System v9.4.2. It involves multiple Server-Side Request Forgeries targeting the components /bibliography/marcsru.php and /bibliography/z3950sru.php . The root cause is SSRF in these endpoints, enabling potential unauthorized requests from th...
CVE-2022-45019
CVE-2022-45019 affects SLiMS 9 Bulian v9.5.0, with a SQL injection vulnerability exploitable via the keywords parameter. Public records (NVD/Red Hat/OSV, etc.) consistently describe the flaw as a SQL injection leading to Confidentiality impact (high) and no reported impacts to integrity/availabil...
CVE-2023-3744
CVE-2023-3744 is a Server-Side Request Forgery in SLims 9.6.0. An authenticated attacker can send requests to internal services or upload files via the imageURL parameter in the scrape_image.php endpoint, enabling potential access to internal resources. Public details consistently describe SSRF i...
CVE-2017-12584
Summary: CVE-2017-12584 affects SLiMS 8 Akasia (8.3.1 and earlier). The vulnerability stems from no CSRF mitigation and a flaw in admin/modules/system/app_user.php that allows changing a user’s password and profile via passwd1/passwd2 during a changecurrent=true operation without requiring the cu...
CVE-2022-43362
Senayan Library Management System v9.4.2 contains a SQL injection vulnerability in the loan_by_class.php endpoint via the collType parameter. Public details identify the affected software and vulnerable component, with CVSS v3.1 impact metrics indicating High severity (7.2) and a NETWORK attack v...
CVE-2022-43361
CVE-2022-43361 affects Senayan Library Management System v9.4.2. The vulnerability is a cross-site scripting (XSS) flaw exposed via the component pop_chart.php . Documentation notes the issue but provides no explicit root cause details beyond the XSS label; no public patch/version is specified in...
CVE-2023-40970
CVE-2023-40970 affects Senayan Library Management Systems SLIMS 9 Bulian v9.6.1. The vulnerability is a SQL Injection in the endpoint admin/modules/circulation/loan_rules.php caused by unsanitized input. Documented impact is high (CVSS v3.1: 8.8; Confidentiality/Integrity/Availability all HIGH). ...
CVE-2023-40969
CVE-2023-40969 - SSRF in SLIMS 9 Bulian 9.6.1 : Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server-Side Request Forgery via admin/modules/bibliography/pop_p2p.php. Public docs consistently identify the affected component as the endpoint pop_p2p.php under the bibliogr...
CVE-2023-29850
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 is affected: it does not strip EXIF data from uploaded images, allowing disclosure of information such as geolocation and device data. The underlying root cause is the failure to strip metadata in image uploads. Current connected documents d...
CVE-2023-45996
CVE-2023-45996 affects Senayan Library Management Systems Slims v9 and Bulian v9.6.1. A SQL injection occurs via a crafted script to the reborrowLimit parameter in member_type.php, enabling a remote attacker to obtain sensitive information and potentially execute arbitrary code. Supported details...