VYPR

Senayan Library Management System

by Slims

CVEs (17)

  • CVE-2018-12659 | High | Jun 22, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.

  • CVE-2017-12584 | High | Aug 6, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete…

  • CVE-2018-12658 | Medium | Jun 22, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.

  • CVE-2018-12657 | Medium | Jun 22, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI.

  • CVE-2018-12656 | Medium | Jun 22, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.

  • CVE-2018-12655 | Medium | Jun 22, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.

  • CVE-2018-12654 | Medium | Jun 22, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.

  • CVE-2025-45819 | May 8, 2025
    risk 0.00 | cvss | epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.

  • CVE-2025-45818 | May 8, 2025
    risk 0.00 | cvss | epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.

  • CVE-2025-45820 | May 8, 2025
    risk 0.00 | cvss | epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.

  • CVE-2023-48893 | Dec 1, 2023
    risk 0.00 | cvss | epss 0.01

    SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.

  • CVE-2023-45996 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.

  • CVE-2023-40970 | Sep 1, 2023
    risk 0.00 | cvss | epss 0.01

    Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.

  • CVE-2023-40969 | Sep 1, 2023
    risk 0.00 | cvss | epss 0.00

    Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.

  • CVE-2022-43361 | Nov 1, 2022
    risk 0.00 | cvss | epss 0.00

    Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.

  • CVE-2022-38292 | Sep 12, 2022
    risk 0.00 | cvss | epss 0.01

    SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.

  • CVE-2022-38291 | Sep 12, 2022
    risk 0.00 | cvss | epss 0.00

    SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.