Vulnerabilities > Slims
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-12 | CVE-2022-38291 | Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2 SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. | 6.1 |
| 2022-09-12 | CVE-2022-38292 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.4.2 SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | 9.8 |
| 2022-03-17 | CVE-2021-45793 | SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2 Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. | 7.5 |
| 2022-03-17 | CVE-2021-45794 | SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2 Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. | 7.5 |
| 2022-03-17 | CVE-2021-45791 | SQL Injection vulnerability in Slims Senayan Library Management System 8.3.1 Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. | 8.8 |
| 2022-03-17 | CVE-2021-45792 | Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2 Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | 4.8 |
| 2017-08-06 | CVE-2017-12586 | Path Traversal vulnerability in Slims Akasia SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. | 6.5 |
| 2017-08-06 | CVE-2017-12585 | SQL Injection vulnerability in Slims Akasia SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. | 8.8 |
| 2017-08-06 | CVE-2017-12584 | Cross-Site Request Forgery (CSRF) vulnerability in Slims Senayan Library Management System There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. | 8.8 |
| 2017-03-23 | CVE-2017-7242 | Cross-site Scripting vulnerability in Slims Slims7 Cendana 20170323/62B8Ee8B51Be89Fc65E0D59B01C3724737F9Da20 Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | 6.1 |