Vulnerabilities > Slims
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-01 | CVE-2023-48813 | SQL Injection vulnerability in Slims Senayan Library Management System Bulian 9.6.1 Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | 8.8 |
| 2023-12-01 | CVE-2023-48893 | SQL Injection vulnerability in Slims Senayan Library Management System Bulian 9.6.1 SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | 8.8 |
| 2023-10-31 | CVE-2023-45996 | SQL Injection vulnerability in Slims products SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | 8.8 |
| 2023-10-02 | CVE-2023-3744 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.0 Server-Side Request Forgery vulnerability in SLims version 9.6.0. | 8.8 |
| 2023-09-01 | CVE-2023-40969 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.1 Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | 6.1 |
| 2023-09-01 | CVE-2023-40970 | SQL Injection vulnerability in Slims Senayan Library Management System 9.6.1 Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | 8.8 |
| 2023-04-14 | CVE-2023-29850 | Unspecified vulnerability in Slims Senayan Library Management System 9.5.2 SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. | 7.5 |
| 2022-12-05 | CVE-2022-45019 | SQL Injection vulnerability in Slims Senayan Library Management System 9.5.0 SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | 7.5 |
| 2022-11-01 | CVE-2022-43361 | Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2 Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | 4.8 |
| 2022-11-01 | CVE-2022-43362 | SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2 Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | 7.2 |