Slims Senayan Library Management System vulnerabilities
18 known vulnerabilities affecting slims/senayan_library_management_system.
Total CVEs: 18
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 12, MEDIUM 5
Vulnerabilities
CVE-2021-45793 | P2 | HIGH | CVSS 7.5 | public PoC | affects v9.4.2 | published 2022-03-17
CWE-89 (SQL injection). Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
Source: NVD
CVE-2023-3744 | P3 | HIGH | CVSS 8.8 | affects v9.6.0 | published 2023-10-02
CWE-918 (SSRF). Server-Side Request Forgery vulnerability in SLiMS version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.
Source: NVD
CVE-2022-50805 | P3 | HIGH | CVSS 8.2 | affects v9.0.0 | published 2026-01-13
CWE-89 (SQL injection). Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information.
Source: NVD
CVE-2022-38292 | P3 | CRITICAL | CVSS 9.8 | affects v9.4.2 | published 2022-09-12
CWE-918 (SSRF). SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgery (SSRF) vulnerabilities via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.
Source: NVD
CVE-2023-45996 | P3 | HIGH | CVSS 8.8 | affects v9.0 | published 2023-10-31
CWE-89 (SQL injection). SQL injection vulnerability in Senayan Library Management System SLiMS v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in member_type.php.
Source: NVD
CVE-2023-40970 | P3 | HIGH | CVSS 8.8 | affects v9.6.1 | published 2023-09-01
CWE-89 (SQL injection). Senayan Library Management System SLiMS 9 Bulian v9.6.1 is vulnerable to SQL injection via admin/modules/circulation/loan_rules.php.
Source: NVD
CVE-2022-45019 | P3 | HIGH | CVSS 7.5 | affects v9.5.0 | published 2022-12-05
CWE-89 (SQL injection). SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
Source: NVD
CVE-2021-45791 | P3 | HIGH | CVSS 8.8 | affects v8.3.1 | published 2022-03-17
CWE-89 (SQL injection). Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be exploited by remote, authenticated librarian users.
Source: NVD
CVE-2017-12584 | P3 | HIGH | CVSS 8.8 | affects ≤ 8.3.1 | published 2017-08-06
CWE-352 (CSRF). There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system
Source: NVD
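The entry above describes two missing controls that compound each other: no anti-CSRF token, and a profile update that rewrites the password without proof that the caller knows the current one. The following is an added example, not SLiMS code and not the fix the project shipped, showing a password-change handler with both conditions as described (vulnerable) next to one that enforces a per-session token and a current-password check. The session/form dictionaries, field names other than passwd1/passwd2, and the PBKDF2 storage format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # kept modest for the example; tune upward in production


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; stored as salt || digest (assumed format)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def issue_csrf_token(session):
    """Per-session random token, rendered into the profile form as a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def update_password_vulnerable(user, form):
    """The condition the entry describes: any request carrying matching passwd1/passwd2
    is honoured, with no token and no proof the caller knows the current password.
    A cross-site form auto-submitted in the victim's browser is enough."""
    if form.get("passwd1") and form.get("passwd1") == form.get("passwd2"):
        user["passwd"] = hash_password(form["passwd1"])
        return True
    return False


def update_password_hardened(session, user, form):
    """Requires a valid CSRF token (the forged cross-site request cannot carry it) and
    the current password (a second, independent check). Returns (ok, reason)."""
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "csrf token missing or invalid"
    if not verify_password(form.get("current_password", ""), user["passwd"]):
        return False, "current password incorrect"
    new1, new2 = form.get("passwd1", ""), form.get("passwd2", "")
    if not new1 or new1 != new2:
        return False, "new passwords missing or do not match"
    user["passwd"] = hash_password(new1)
    issue_csrf_token(session)   # rotate the token after a sensitive state change
    return True, "password updated"


if __name__ == "__main__":
    # Constructed scenario: a victim account and a forged form with only passwd1/passwd2.
    victim = {"passwd": hash_password("old-secret")}
    forged = {"passwd1": "attacker", "passwd2": "attacker"}
    print("vulnerable handler accepted forged request:", update_password_vulnerable(dict(victim), forged))
    session = {}
    issue_csrf_token(session)
    print("hardened handler:", update_password_hardened(session, dict(victim), forged))
```

The token check and the current-password check guard against different things: the token stops a request the victim's browser was tricked into sending, while the current-password check still holds if the token leaks (for instance through one of the XSS entries further down this page), since a script that can read the token still cannot supply a password it does not know.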
CVE-2021-45794 | P3 | HIGH | CVSS 7.5 | affects v9.4.2 | published 2022-03-17
CWE-89 (SQL injection). Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
Source: NVD
CVE-2025-26200 | P3 | HIGH | CVSS 7.2 | affects v9.6.1 | published 2025-02-24
CWE-89 (SQL injection). SQL injection in SLiMS v9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.
Source: NVD
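Most entries on this page are CWE-89 in a single request parameter (the month parameter here, class, collType, keywords, reborrowLimit and dir above). The block below is an added example, not SLiMS code and not a reproduction of any of these CVEs: it uses a constructed SQLite schema and a hypothetical "visitors by month" report to show what string-splicing a parameter into SQL lets through (a filter bypass, and a UNION that reads another table, which is what "user data can be obtained" means in practice) beside the same report with the value validated and bound as a parameter. Table and column names, the payload strings and the query shape are assumptions for illustration.

```python
import sqlite3


def build_db():
    """Constructed sample data: a visitor log plus a user table holding password
    hashes, so a UNION payload can show how a different table is read out."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE visitor (id INTEGER PRIMARY KEY, member_name TEXT, month INTEGER);
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, passwd TEXT);
        INSERT INTO visitor (member_name, month) VALUES ('alice', 1), ('bob', 2), ('carol', 2);
        INSERT INTO user (username, passwd) VALUES ('admin', 'pbkdf2$example-hash');
    """)
    return conn


def visitors_vulnerable(conn, month):
    """CWE-89: the request parameter is spliced straight into the SQL text.
    Hypothetical query shape, not the real report code."""
    sql = f"SELECT member_name FROM visitor WHERE month = {month}"
    return [row[0] for row in conn.execute(sql)]


def visitors_safe(conn, month):
    """Same report: the parameter is coerced to the type the report expects,
    range-checked, and then bound with a placeholder so it is data, not SQL."""
    try:
        m = int(str(month).strip())
    except ValueError:
        raise ValueError("month must be an integer")
    if not 1 <= m <= 12:
        raise ValueError("month out of range")
    rows = conn.execute("SELECT member_name FROM visitor WHERE month = ?", (m,))
    return [row[0] for row in rows]


# Constructed payloads of the kind such a numeric parameter receives:
# one that defeats the WHERE clause, one that appends a read of another table.
BYPASS_PAYLOAD = "2 OR 1=1"
UNION_PAYLOAD = "0 UNION SELECT passwd FROM user"


def demo():
    conn = build_db()
    result = {
        "vulnerable_normal": visitors_vulnerable(conn, "2"),
        "vulnerable_bypass": visitors_vulnerable(conn, BYPASS_PAYLOAD),
        "vulnerable_union": visitors_vulnerable(conn, UNION_PAYLOAD),
        "safe_normal": visitors_safe(conn, "2"),
    }
    try:
        visitors_safe(conn, BYPASS_PAYLOAD)
        result["safe_bypass"] = "accepted"
    except ValueError as exc:
        result["safe_bypass"] = f"rejected: {exc}"
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Binding alone would already stop both payloads; the type and range check is there because a report parameter that should only ever be 1 to 12 has no business reaching the database as anything else, and rejecting it early gives a clean log line to alert on.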
CVE-2023-29850 | P3 | HIGH | CVSS 7.5 | affects v9.5.2 | published 2023-04-14
CWE-203 (Observable Discrepancy). SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip EXIF data from uploaded images. This allows attackers to obtain information such as the uploading user's geolocation and device information.
Source: NVD
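EXIF travels in a JPEG's APP1 segment, so it can be removed at the segment level without re-encoding the image. The block below is an added example, not SLiMS code: a small JPEG segment walker that reports whether an Exif APP1 is present and returns a copy with APP1 (Exif and XMP), APP13 (IPTC) and COM segments dropped, leaving the JFIF header, tables and scan data byte-for-byte intact. The sample JPEG is constructed inline (a few segments and four bytes of fake scan data, not a decodable picture) so the example runs offline; the choice of which segments to drop is an assumption.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
APP1, APP13, COM = 0xE1, 0xED, 0xFE
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))   # markers with no length field
DROP = {APP1, APP13, COM}   # Exif/XMP, IPTC (Photoshop), free-text comments


def iter_segments(data):
    """Yield (marker, start, end) for every marker segment up to and including SOS.
    The entropy-coded scan data after SOS is not segmented and is left to the caller."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        while i + 1 < len(data) and data[i + 1] == 0xFF:   # skip 0xFF fill bytes
            i += 1
        if i + 1 >= len(data):
            raise ValueError("truncated marker")
        marker = data[i + 1]
        if marker in STANDALONE:
            yield marker, i, i + 2
            i += 2
            continue
        if i + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[i + 2:i + 4])   # includes the 2 length bytes
        end = i + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {i}")
        yield marker, i, end
        if marker == SOS:
            return
        i = end
    raise ValueError("no SOS segment found")


def has_exif(data):
    """True if any APP1 segment carries the Exif identifier."""
    for marker, start, end in iter_segments(data):
        if marker == APP1 and data[start + 4:start + 10] == b"Exif\x00\x00":
            return True
    return False


def strip_jpeg_metadata(data):
    """Copy of `data` with the DROP segments removed; everything else unchanged."""
    out = bytearray(data[:2])
    for marker, start, end in iter_segments(data):
        if marker in DROP:
            continue
        out += data[start:end]
        if marker == SOS:
            out += data[end:]   # scan data through EOI, copied verbatim
    return bytes(out)


def _segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed minimal JPEG: JFIF APP0, an Exif APP1 holding only a TIFF header,
# a COM segment standing in for leaked location text, a DQT, then SOS, scan bytes, EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00" + b"II*\x00\x08\x00\x00\x00\x00\x00")
    + _segment(COM, b"GPS 12.34N 56.78E, device XYZ")
    + _segment(0xDB, b"\x00" + bytes(64))
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56\x78"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_jpeg_metadata(SAMPLE_JPEG)
    print("exif before:", has_exif(SAMPLE_JPEG), "after:", has_exif(cleaned))
    print("bytes before:", len(SAMPLE_JPEG), "after:", len(cleaned))
```

This handles JPEG only; PNG (tEXt/iTXt/eXIf chunks) and WebP (an EXIF chunk) need their own walkers, and the file type should be decided from the magic bytes rather than the upload's filename or declared content type. Re-encoding through an image library is the other common route and also discards metadata, at the cost of recompression.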
CVE-2022-43362 | P3 | HIGH | CVSS 7.2 | affects v9.4.2 | published 2022-11-01
CWE-89 (SQL injection). Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.
Source: NVD
CVE-2024-25288 | P4 | MEDIUM | CVSS 4.9 | affects ≥ 9.0.0, ≤ 9.6.1 | published 2024-02-21
CWE-89 (SQL injection). SLiMS (Senayan Library Management System) 9 Bulian v9.6.1 is vulnerable to SQL injection via pop-scope-vocabolary.php.
Source: NVD
CVE-2023-40969 | P4 | MEDIUM | CVSS 6.1 | affects v9.6.1 | published 2023-09-01
CWE-918 (SSRF). Senayan Library Management System SLiMS 9 Bulian v9.6.1 is vulnerable to Server-Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.
Source: NVD
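Three entries on this page (CVE-2023-3744 via the imageURL parameter of scrape_image.php, CVE-2022-38292 in the MARC/Z39.50 SRU components, and this one in pop_p2p.php) are the same weakness: a URL the user controls is fetched by the server. The block below is an added example, not SLiMS code, of the check a fetcher should run before connecting: allow only http(s), refuse embedded credentials, and resolve the host and require every returned address to be public, so loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address), IPv4-mapped IPv6 and similar targets are refused. The resolver is injectable, and the DNS table used in the example is constructed, so nothing touches the network.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _non_public(addr):
    """True for loopback, private, link-local, multicast, reserved and unspecified
    addresses; IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped and judged as IPv4."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host):
    """Real A/AAAA lookup. The example and test inject a constructed resolver instead."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_fetch_url(url, resolver=system_resolver):
    """Decide whether a user-supplied URL may be fetched server-side.
    Returns (allowed, reason); allowed only for http(s) to an all-public host."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]              # IP literal (brackets already stripped by urlsplit)
    except ValueError:
        try:
            addrs = resolver(host)  # hostname; odd numeric forms also end up here
        except (socket.gaierror, OSError, KeyError):
            return False, "unresolvable host"
    if not addrs:
        return False, "host has no addresses"
    for addr in addrs:              # one internal answer among several is enough to refuse
        try:
            if _non_public(addr):
                return False, f"resolves to non-public address {addr}"
        except ValueError:
            return False, f"malformed address {addr}"
    return True, "ok"


# Constructed resolver table for offline use; these names are never looked up.
FAKE_DNS = {
    "covers.example.org": ["93.184.216.34"],
    "intranet.local": ["10.0.0.5"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host):
    return FAKE_DNS[host]   # KeyError is reported as an unresolvable host


if __name__ == "__main__":
    for candidate in ("http://covers.example.org/cover.jpg", "http://intranet.local/admin",
                      "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print(candidate, "->", check_fetch_url(candidate, fake_resolver))
```

The check is only as good as the connection that follows it: connect to the address that was validated rather than resolving a second time (otherwise a short-TTL record can be rebound between check and connect), and either disable redirects or run the same check on every hop, since a public host can 302 to an internal one. A size and time limit on the response belongs in the same fetcher.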
CVE-2022-38291 | P4 | MEDIUM | CVSS 6.1 | affects v9.4.2 | published 2022-09-12
CWE-79 (cross-site scripting). SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.
Source: NVD
CVE-2021-45792 | P4 | MEDIUM | CVSS 4.8 | affects v9.4.2 | published 2022-03-17
CWE-79 (cross-site scripting). Slims9 Bulian 9.4.2 is affected by cross-site scripting (XSS) in /admin/modules/system/custom_field.php.
Source: NVD
CVE-2022-43361 | P4 | MEDIUM | CVSS 4.8 | affects v9.4.2 | published 2022-11-01
CWE-79 (cross-site scripting). Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.
Source: NVD