
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Dec 2022 — SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Nov 2022 — Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. • https://github.com/slims/slims9_bulian/issues/162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Nov 2022 — Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. • https://github.com/slims/slims9_bulian/issues/163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Sep 2022 — SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. • https://github.com/slims/slims9_bulian/issues/158 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Sep 2022 — SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. • https://github.com/slims/slims9_bulian/issues/156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Mar 2022 — Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. • https://github.com/slims/slims9_bulian/issues/124 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 14% • CPEs: 1 • EXPL: 1

17 Mar 2022 — Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. • https://github.com/slims/slims9_bulian/issues/123 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Mar 2022 — Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. • https://github.com/slims/slims9_bulian/issues/122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Mar 2022 — Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. • https://github.com/slims/slims8_akasia/issues/200 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jun 2018 — Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. • https://github.com/slims/slims8_akasia/issues/101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')