
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

24 Feb 2025 — SQL injection in SLIMS v9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. • https://github.com/slims/slims9_bulian/issues/269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 2

01 Dec 2023 — SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows SQL injection in admin/modules/reporting/customs/staff_act.php via the startDate or untilDate parameter. • https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 2

01 Dec 2023 — Senayan Library Management Systems (SLiMS) 9 Bulian v9.6.1 is vulnerable to SQL injection via admin/modules/reporting/customs/fines_report.php. • https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-fines_report.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 | EPSS: 2% | CPEs: 2 | EXPL: 2

31 Oct 2023 — SQL injection vulnerability in Senayan Library Management Systems SLiMS v9 and Bulian v9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script sent to the reborrowLimit parameter in member_type.php. • https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-member_type.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Oct 2023 — Server-Side Request Forgery vulnerability in SLiMS version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the imageURL parameter of the "scrape_image.php" file. • https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

01 Sep 2023 — Senayan Library Management Systems SLiMS 9 Bulian v9.6.1 is vulnerable to Server-Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. • https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 2

01 Sep 2023 — Senayan Library Management Systems SLiMS 9 Bulian v9.6.1 is vulnerable to SQL injection via admin/modules/circulation/loan_rules.php. • https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-loan_rules.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

14 Apr 2023 — SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip EXIF data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. • https://github.com/slims/slims9_bulian/issues/186 • CWE-203: Observable Discrepancy

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

05 Dec 2022 — SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

01 Nov 2022 — Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the pop_chart.php component. • https://github.com/slims/slims9_bulian/issues/162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')