Slim
by Slims
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-45819 | | | 0.00 | — | 0.00 | | May 8, 2025 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. |
| CVE-2025-26200 | | | 0.00 | — | 0.01 | | Feb 24, 2025 | SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. |
| CVE-2023-48893 | | | 0.00 | — | 0.01 | | Dec 1, 2023 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. |
| CVE-2023-3744 | | | 0.00 | — | 0.00 | | Oct 2, 2023 | Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. |
| CVE-2023-24086 | | | 0.00 | — | 0.00 | | Feb 13, 2023 | SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. |
| CVE-2013-4412 | | | 0.00 | — | 0.03 | | Nov 4, 2019 | slim has NULL pointer dereference when using crypt() method from glibc 2.17 |
| CVE-2010-2945 | | | 0.00 | — | 0.00 | | Aug 30, 2010 | The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp. |
| CVE-2009-1756 | | | 0.00 | — | 0.00 | | May 22, 2009 | SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments. |