Slims Senayan Library Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Slims Senayan Library Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2023-3744 — CVSS 9.9 (critical): Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests…
CVE-2022-38292 — CVSS 9.8 (critical): SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components…
CVE-2023-40970 — CVSS 8.8 (high): Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.
CVE-2021-45791 — CVSS 8.8 (high): Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php…
CVE-2017-12584 — CVSS 8.8 (high): There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without…
CVE-2023-45996 — CVSS 8.8 (high): SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive…
CVE-2022-45019 — CVSS 7.5 (high): SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
CVE-2021-45793 — CVSS 7.5 (high): Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVE-2021-45794 — CVSS 7.5 (high): Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
CVE-2023-29850 — CVSS 7.5 (high): SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain…
CVE-2025-26200 — CVSS 7.2 (high): SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php…
CVE-2022-43362 — CVSS 7.2 (high): Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at…
CVE-2023-40969 — CVSS 6.1 (medium): Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/…
CVE-2022-38291 — CVSS 6.1 (medium): SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search…
CVE-2024-25288 — CVSS 4.9 (medium): SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.
CVE-2022-43361 — CVSS 4.8 (medium): Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component…
CVE-2021-45792 — CVSS 4.8 (medium): Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.