Vulnerabilities > Slims > Akasia > 8.3.1

DATE CVE VULNERABILITY TITLE RISK
2017-08-06 CVE-2017-12586 Path Traversal vulnerability in Slims Akasia
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php.
network
low complexity
slims CWE-22
4.0
4.0
2017-08-06 CVE-2017-12585 SQL Injection vulnerability in Slims Akasia
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php.
network
low complexity
slims CWE-89
6.5
6.5
2017-08-06 CVE-2017-12584 Cross-Site Request Forgery (CSRF) vulnerability in Slims Senayan Library Management System
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1.
network
slims CWE-352
6.8
6.8