
CVE-2022-43362
https://notcve.org/view.php?id=CVE-2022-43362
01 Nov 2022 — Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. • https://github.com/slims/slims9_bulian/issues/163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-38292
https://notcve.org/view.php?id=CVE-2022-38292
12 Sep 2022 — SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgery vulnerabilities via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. • https://github.com/slims/slims9_bulian/issues/158 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-38291
https://notcve.org/view.php?id=CVE-2022-38291
12 Sep 2022 — SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. • https://github.com/slims/slims9_bulian/issues/156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-45794
https://notcve.org/view.php?id=CVE-2021-45794
17 Mar 2022 — Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. • https://github.com/slims/slims9_bulian/issues/124 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-45793
https://notcve.org/view.php?id=CVE-2021-45793
17 Mar 2022 — Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. • https://github.com/slims/slims9_bulian/issues/123 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-45792
https://notcve.org/view.php?id=CVE-2021-45792
17 Mar 2022 — Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. • https://github.com/slims/slims9_bulian/issues/122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-45791
https://notcve.org/view.php?id=CVE-2021-45791
17 Mar 2022 — Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. • https://github.com/slims/slims8_akasia/issues/200 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-12584
https://notcve.org/view.php?id=CVE-2017-12584
06 Aug 2017 — There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. • https://github.com/slims/slims8_akasia/issues/49 • CWE-352: Cross-Site Request Forgery (CSRF)