Vulnerabilities > Slims > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-01 CVE-2023-40969 Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.1
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.
network
low complexity
slims CWE-918
6.1
6.1
2022-11-01 CVE-2022-43361 Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.
network
low complexity
slims CWE-79
4.8
4.8
2022-03-17 CVE-2021-45793 SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php.
network
low complexity
slims CWE-89
5.0
5.0
2022-03-17 CVE-2021-45794 SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php.
network
low complexity
slims CWE-89
5.0
5.0
2022-03-17 CVE-2021-45791 SQL Injection vulnerability in Slims Senayan Library Management System 8.3.1
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter.
network
low complexity
slims CWE-89
6.5
6.5
2017-08-06 CVE-2017-12586 Path Traversal vulnerability in Slims Akasia
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php.
network
low complexity
slims CWE-22
4.0
4.0
2017-08-06 CVE-2017-12585 SQL Injection vulnerability in Slims Akasia
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php.
network
low complexity
slims CWE-89
6.5
6.5
2017-08-06 CVE-2017-12584 Cross-Site Request Forgery (CSRF) vulnerability in Slims Senayan Library Management System
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1.
network
slims CWE-352
6.8
6.8
2017-03-23 CVE-2017-7242 Cross-site Scripting vulnerability in Slims Slims7 Cendana
Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php.
network
slims CWE-79
4.3
4.3
2017-03-21 CVE-2017-7202 Cross-site Scripting vulnerability in Slims Slims7 Cendana
Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16.
network
slims CWE-79
4.3
4.3