Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Senayan_library_management_system
(Slims)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 15 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-03-17 | CVE-2021-45793 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | Senayan_library_management_system | 7.5 | ||
2022-03-17 | CVE-2021-45794 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | Senayan_library_management_system | 7.5 | ||
2022-03-17 | CVE-2021-45791 | Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | Senayan_library_management_system | 8.8 | ||
2022-03-17 | CVE-2021-45792 | Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | Senayan_library_management_system | 4.8 | ||
2017-08-06 | CVE-2017-12584 | There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. | Senayan_library_management_system | N/A |