Senayan Library Management System
Products
2- 6 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37794 | Cri | 0.64 | 9.8 | 0.01 | Sep 12, 2022 | In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. | ||
| CVE-2018-18796 | Cri | 0.64 | 9.8 | 0.02 | Nov 16, 2018 | Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | ||
| CVE-2024-24336 | Hig | 0.53 | 8.1 | 0.00 | Mar 19, 2024 | A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized… | ||
| CVE-2024-24337 | Hig | 0.52 | 8.0 | 0.01 | Feb 12, 2024 | CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | ||
| CVE-2025-61488 | Hig | 0.49 | 7.6 | 0.00 | Oct 20, 2025 | An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter | ||
| CVE-2022-43362 | Hig | 0.47 | 7.2 | 0.01 | Nov 1, 2022 | Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | ||
| CVE-2025-22980 | Med | 0.44 | 6.7 | 0.01 | Jan 22, 2025 | A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | ||
| CVE-2022-43361 | Med | 0.31 | 4.8 | 0.00 | Nov 1, 2022 | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. |
- risk 0.64cvss 9.8epss 0.01
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.
- risk 0.64cvss 9.8epss 0.02
Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
- risk 0.53cvss 8.1epss 0.00
A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized…
- risk 0.52cvss 8.0epss 0.01
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.
- risk 0.49cvss 7.6epss 0.00
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter
- risk 0.47cvss 7.2epss 0.01
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.
- risk 0.44cvss 6.7epss 0.01
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
- risk 0.31cvss 4.8epss 0.00
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.