Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 4 | 27 | 0 | 55.9% | CRITICAL |

Related CVEs

27
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-45820 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. | MEDIUM | 6.5 | | 18.3% | May 8, 2025 |
| CVE-2025-45819 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. | MEDIUM | 6.5 | | 18.3% | May 8, 2025 |
| CVE-2025-45818 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. | MEDIUM | 6.5 | | 18.3% | May 8, 2025 |
| CVE-2025-26200 | SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. | HIGH | 7.2 | | 39.0% | Feb 24, 2025 |
| CVE-2025-22980 | A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | MEDIUM | 6.7 | | 44.5% | Jan 22, 2025 |
| CVE-2024-25288 | SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. | MEDIUM | 4.9 | | 41.8% | Feb 21, 2024 |
| CVE-2023-48893 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | HIGH | 8.8 | | 50.2% | Dec 1, 2023 |
| CVE-2023-48813 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | HIGH | 8.8 | | 50.2% | Dec 1, 2023 |
| CVE-2023-45996 | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | HIGH | 8.8 | | 60.8% | Oct 31, 2023 |
| CVE-2023-3744 | Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | HIGH | 8.8 | | 36.5% | Oct 2, 2023 |
| CVE-2023-40970 | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | HIGH | 8.8 | | 45.1% | Sep 1, 2023 |
| CVE-2023-40969 | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | MEDIUM | 6.1 | | 25.9% | Sep 1, 2023 |
| CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | HIGH | 7.5 | | 50.0% | Apr 14, 2023 |
| CVE-2022-45019 | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | HIGH | 7.5 | | | Dec 5, 2022 |
| CVE-2022-43362 | Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | HIGH | 7.2 | | | Nov 1, 2022 |
| CVE-2022-43361 | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | MEDIUM | 4.8 | | | Nov 1, 2022 |
| CVE-2022-38292 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | CRITICAL | 9.8 | | | Sep 12, 2022 |
| CVE-2022-38291 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | MEDIUM | 6.1 | | | Sep 12, 2022 |
| CVE-2021-45794 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | HIGH | 7.5 | | | Mar 17, 2022 |
| CVE-2021-45793 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | HIGH | 7.5 | | | Mar 17, 2022 |