Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2022-12-06 | N/A | 7.5 HIGH |
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | |||||
CVE-2022-43362 | 1 Slims | 1 Senayan Library Management System | 2022-11-02 | N/A | 7.2 HIGH |
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | |||||
CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2022-11-02 | N/A | 4.8 MEDIUM |
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | |||||
CVE-2022-38292 | 1 Slims | 1 Senayan Library Management System | 2022-09-14 | N/A | 9.8 CRITICAL |
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | |||||
CVE-2022-38291 | 1 Slims | 1 Senayan Library Management System | 2022-09-14 | N/A | 6.1 MEDIUM |
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | |||||
CVE-2021-45794 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | |||||
CVE-2021-45793 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | |||||
CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 6.5 MEDIUM | 8.8 HIGH |
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | |||||
CVE-2021-45792 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 3.5 LOW | 4.8 MEDIUM |
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | |||||
CVE-2017-12584 | 1 Slims | 1 Senayan Library Management System | 2020-06-16 | 6.8 MEDIUM | 8.8 HIGH |
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. |