Slims9 Bulian
by Slims
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25403 | | Cri | 0.64 | 9.8 | 0.00 | | Apr 29, 2025 | Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. |
| CVE-2025-61488 | | Hig | 0.49 | 7.6 | 0.00 | | Oct 20, 2025 | An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter. |
| CVE-2025-65233 | | | 0.00 | — | 0.00 | | Dec 17, 2025 | Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path. |
| CVE-2024-25288 | | | 0.00 | — | 0.01 | | Feb 21, 2024 | SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. |
| CVE-2023-48813 | | | 0.00 | — | 0.01 | | Dec 1, 2023 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. |
| CVE-2022-45019 | | | 0.00 | — | 0.01 | | Dec 5, 2022 | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. |
| CVE-2021-45794 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. |