VYPR

Akasia

by Slims

Source repositories

CVEs (5)

  • CVE-2017-12585HigAug 6, 2017
    risk 0.57cvss 8.8epss 0.02

    SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.

  • CVE-2017-12586MedAug 6, 2017
    risk 0.42cvss 6.5epss 0.03

    SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.

  • CVE-2018-12658MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.

  • CVE-2018-12655MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.

  • CVE-2018-12654MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.