Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Senayan_library_management_system
(Slims)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-17 | CVE-2021-45793 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | Senayan_library_management_system | 7.5 | ||
| 2022-09-12 | CVE-2022-38291 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | Senayan_library_management_system | 6.1 | ||
| 2022-09-12 | CVE-2022-38292 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | Senayan_library_management_system | 9.8 | ||
| 2022-12-05 | CVE-2022-45019 | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | Senayan_library_management_system | 7.5 | ||
| 2023-09-01 | CVE-2023-40969 | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | Senayan_library_management_system | 6.1 | ||
| 2023-09-01 | CVE-2023-40970 | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | Senayan_library_management_system | 8.8 | ||
| 2023-10-02 | CVE-2023-3744 | Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | Senayan_library_management_system | 8.8 | ||
| 2023-10-31 | CVE-2023-45996 | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | Senayan_library_management_system, Senayan_library_management_system_bulian | 8.8 | ||
| 2017-08-06 | CVE-2017-12584 | There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. | Senayan_library_management_system | N/A |