This page aggregates CVEs and security vulnerability information across SLiMS-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include cross-site scripting, SSRF, CSRF, and path-handling flaws. In production workloads and software deployment settings, these can lead to risks such as data exposure, session compromise, and file overwrite.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-45820 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. | [email protected] | 6.5 | 0.05% | 2025-05-08 | 2025-06-17 |
| CVE-2025-45819 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. | [email protected] | 6.5 | 0.05% | 2025-05-08 | 2025-06-17 |
| CVE-2025-45818 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. | [email protected] | 6.5 | 0.05% | 2025-05-08 | 2025-06-17 |
| CVE-2025-26200 | SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. | [email protected] | 7.2 | 1.33% | 2025-02-24 | 2025-05-01 |
| CVE-2025-22980 | A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | [email protected] | 6.7 | 0.21% | 2025-01-22 | 2025-06-18 |
| CVE-2024-25288 | SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. | [email protected] | 4.9 | 0.23% | 2024-02-21 | 2025-05-05 |
| CVE-2023-48893 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | [email protected] | 8.8 | 0.11% | 2023-12-01 | 2024-11-21 |
| CVE-2023-48813 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | [email protected] | 8.8 | 0.11% | 2023-12-01 | 2024-11-21 |
| CVE-2023-45996 | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | [email protected] | 8.8 | 2.02% | 2023-10-31 | 2024-11-21 |
| CVE-2023-3744 | Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | [email protected] | 9.9 | 0.10% | 2023-10-02 | 2024-11-21 |
| CVE-2023-40970 | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | [email protected] | 8.8 | 0.09% | 2023-09-01 | 2024-11-21 |
| CVE-2023-40969 | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | [email protected] | 6.1 | 0.05% | 2023-09-01 | 2024-11-21 |
| CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | [email protected] | 7.5 | 0.16% | 2023-04-14 | 2025-02-06 |
| CVE-2022-45019 | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | [email protected] | 7.5 | 0.27% | 2022-12-05 | 2025-04-24 |
| CVE-2022-43362 | Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | [email protected] | 7.2 | 0.26% | 2022-11-01 | 2025-05-05 |
| CVE-2022-43361 | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | [email protected] | 4.8 | 0.23% | 2022-11-01 | 2025-05-05 |
| CVE-2022-38292 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | [email protected] | 9.8 | 0.33% | 2022-09-12 | 2024-11-21 |
| CVE-2022-38291 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | [email protected] | 6.1 | 0.22% | 2022-09-12 | 2024-11-21 |
| CVE-2021-45794 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | [email protected] | 7.5 | 0.23% | 2022-03-17 | 2024-11-21 |
| CVE-2021-45793 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | [email protected] | 7.5 | 31.48% | 2022-03-17 | 2024-11-21 |