Vulnerabilities > Slims > Senayan Library Management System

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-45996 SQL Injection vulnerability in Slims products
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.
network
low complexity
slims CWE-89
8.8
2023-10-02 CVE-2023-3744 Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.0
Server-Side Request Forgery vulnerability in SLims version 9.6.0.
network
low complexity
slims CWE-918
8.8
2023-09-01 CVE-2023-40969 Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.1
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.
network
low complexity
slims CWE-918
6.1
2023-09-01 CVE-2023-40970 SQL Injection vulnerability in Slims Senayan Library Management System 9.6.1
Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.
network
low complexity
slims CWE-89
8.8
2023-04-14 CVE-2023-29850 Unspecified vulnerability in Slims Senayan Library Management System 9.5.2
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images.
network
low complexity
slims
7.5
2022-12-05 CVE-2022-45019 SQL Injection vulnerability in Slims Senayan Library Management System 9.5.0
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
network
low complexity
slims CWE-89
7.5
2022-11-01 CVE-2022-43361 Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.
network
low complexity
slims CWE-79
4.8
2022-11-01 CVE-2022-43362 SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.
network
low complexity
slims CWE-89
7.2
2022-03-17 CVE-2021-45793 SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php.
network
low complexity
slims CWE-89
5.0
2022-03-17 CVE-2021-45794 SQL Injection vulnerability in Slims Senayan Library Management System 9.4.2
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php.
network
low complexity
slims CWE-89
5.0