Senayan Library Management System
by Slims
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12659 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 22, 2018 | SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. |
| CVE-2017-12584 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 6, 2017 | There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete… |
| CVE-2018-12658 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2018 | Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. |
| CVE-2018-12657 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2018 | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. |
| CVE-2018-12656 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2018 | Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. |
| CVE-2018-12655 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2018 | Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. |
| CVE-2018-12654 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2018 | Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. |
| CVE-2025-45819 | | | 0.00 | — | 0.00 | | May 8, 2025 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. |
| CVE-2025-45818 | | | 0.00 | — | 0.00 | | May 8, 2025 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. |
| CVE-2025-45820 | | | 0.00 | — | 0.00 | | May 8, 2025 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. |
| CVE-2023-48893 | | | 0.00 | — | 0.01 | | Dec 1, 2023 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. |
| CVE-2023-45996 | | | 0.00 | — | 0.01 | | Oct 31, 2023 | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. |
| CVE-2023-40970 | | | 0.00 | — | 0.01 | | Sep 1, 2023 | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. |
| CVE-2023-40969 | | | 0.00 | — | 0.00 | | Sep 1, 2023 | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. |
| CVE-2022-43361 | | | 0.00 | — | 0.00 | | Nov 1, 2022 | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. |
| CVE-2022-38292 | | | 0.00 | — | 0.01 | | Sep 12, 2022 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. |
| CVE-2022-38291 | | | 0.00 | — | 0.00 | | Sep 12, 2022 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. |