Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Slims Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-22980 1 Slims 1 Senayan Library Management System Bulian 2025-06-18 N/A N/A
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
CVE-2025-45818 1 Slims 1 Senayan Library Management System Bulian 2025-06-17 N/A N/A
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.
CVE-2025-45819 1 Slims 1 Senayan Library Management System Bulian 2025-06-17 N/A N/A
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.
CVE-2025-45820 1 Slims 1 Senayan Library Management System Bulian 2025-06-17 N/A N/A
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.
CVE-2024-25288 1 Slims 1 Senayan Library Management System 2025-05-05 N/A N/A
SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.
CVE-2022-43362 1 Slims 1 Senayan Library Management System 2025-05-05 N/A 7.2 HIGH
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.
CVE-2022-43361 1 Slims 1 Senayan Library Management System 2025-05-05 N/A 4.8 MEDIUM
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.
CVE-2025-26200 1 Slims 1 Senayan Library Management System 2025-05-01 N/A N/A
SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.
CVE-2022-45019 1 Slims 1 Senayan Library Management System 2025-04-24 N/A 7.5 HIGH
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
CVE-2023-29850 1 Slims 1 Senayan Library Management System 2025-02-06 N/A 7.5 HIGH
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.
CVE-2023-48893 1 Slims 1 Senayan Library Management System Bulian 2023-12-31 N/A 8.8 HIGH
SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.
CVE-2023-48813 1 Slims 1 Senayan Library Management System Bulian 2023-12-06 N/A 8.8 HIGH
Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.
CVE-2023-45996 1 Slims 2 Senayan Library Management System, Senayan Library Management System Bulian 2023-11-08 N/A 8.8 HIGH
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.
CVE-2022-38292 1 Slims 1 Senayan Library Management System 2022-09-15 N/A 9.8 CRITICAL
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.
CVE-2022-38291 1 Slims 1 Senayan Library Management System 2022-09-15 N/A 6.1 MEDIUM
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.
CVE-2021-45794 1 Slims 1 Senayan Library Management System 2022-03-24 5.0 MEDIUM 7.5 HIGH
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
CVE-2021-45793 1 Slims 1 Senayan Library Management System 2022-03-24 5.0 MEDIUM 7.5 HIGH
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVE-2021-45791 1 Slims 1 Senayan Library Management System 2022-03-23 6.5 MEDIUM 8.8 HIGH
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
CVE-2021-45792 1 Slims 1 Senayan Library Management System 2022-03-23 3.5 LOW 4.8 MEDIUM
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
CVE-2017-12584 1 Slims 1 Senayan Library Management System 2020-06-16 6.8 MEDIUM 8.8 HIGH
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.