
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 Mar 2022 — Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. • https://github.com/slims/slims8_akasia/issues/200 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

06 Aug 2017 — There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. • https://github.com/slims/slims8_akasia/issues/49 • CWE-352: Cross-Site Request Forgery (CSRF)