VYPR
Vendor

Slims

Products
8
CVEs
36
Across products
48
Status
Private

Products

8

Recent CVEs

36
View all 36 CVEs →
  • CVE-2025-25403CriApr 29, 2025
    risk 0.64cvss 9.8epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php.

  • CVE-2018-12659HigJun 22, 2018
    risk 0.57cvss 8.8epss 0.01

    SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.

  • CVE-2017-12585HigAug 6, 2017
    risk 0.57cvss 8.8epss 0.02

    SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.

  • CVE-2017-12584HigAug 6, 2017
    risk 0.57cvss 8.8epss 0.01

    There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete…

  • CVE-2025-61488HigOct 20, 2025
    risk 0.49cvss 7.6epss 0.00

    An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter

  • CVE-2017-12586MedAug 6, 2017
    risk 0.42cvss 6.5epss 0.03

    SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.

  • CVE-2018-12658MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.

  • CVE-2018-12657MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI.

  • CVE-2018-12656MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.

  • CVE-2018-12655MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.

  • CVE-2018-12654MedJun 22, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.

  • CVE-2017-7242MedMar 23, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php,…

  • CVE-2017-7202MedMar 21, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and…

  • CVE-2025-65233Dec 17, 2025
    risk 0.00cvss epss 0.00

    Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path.

  • CVE-2025-45820May 8, 2025
    risk 0.00cvss epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.

  • CVE-2025-45818May 8, 2025
    risk 0.00cvss epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.

  • CVE-2025-45819May 8, 2025
    risk 0.00cvss epss 0.00

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.

  • CVE-2025-26200Feb 24, 2025
    risk 0.00cvss epss 0.01

    SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.

  • CVE-2024-25288Feb 21, 2024
    risk 0.00cvss epss 0.01

    SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.

  • CVE-2023-48813Dec 1, 2023
    risk 0.00cvss epss 0.01

    Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.