Komangsughosa

**Name of the Vulnerable Software and Affected Versions** Senayan Library Management Systems (Slims) 9 Bulian version 9.6.1 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the admin/modules/reporting/customs/fines report.php endpoint. **Recommendations** For version 9.6.1, consider restricting access to the `fines report.php` file until a patch is available. Avoid using user-inputted data in SQL queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Senayan Library Management Systems SLIMS 9 Bulian version 9.6.1 **Description** The issue is related to Server Side Request Forgery (SSRF) and can be exploited via the "admin/modules/bibliography/pop p2p.php" endpoint. This allows for potentially unauthorized access to internal resources. **Recommendations** For version 9.6.1, consider restricting access to the "admin/modules/bibliography/pop p2p.php" endpoint until a patch is available. As a temporary workaround, disabling the functionality related to this endpoint may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Senayan Library Management Systems SLIMS 9 Bulian version 9.6.1 **Description** The issue concerns SQL Injection. It affects the `admin/modules/circulation/loan rules.php` endpoint. **Recommendations** For version 9.6.1, consider restricting access to the `loan rules.php` module to minimize the risk of exploitation until a patch is available.