
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Feb 2025 — SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. • https://github.com/slims/slims9_bulian/issues/269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Feb 2024 — SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. • https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Dec 2023 — SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. • https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Dec 2023 — Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. • https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-fines_report.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 2% • CPEs: 2 • EXPL: 2

31 Oct 2023 — SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. • https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-member_type.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2023 — Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. • https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Sep 2023 — Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. • https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Sep 2023 — Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. • https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-loan_rules.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Apr 2023 — SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip EXIF data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. • https://github.com/slims/slims9_bulian/issues/186 • CWE-203: Observable Discrepancy

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Feb 2023 — SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')