Vuln0Wned

**Name of the Vulnerable Software and Affected Versions** SLIMS (Senayan Library Management Systems) 9 Bulian version 9.6.1 **Description** The issue is related to SQL Injection via the `pop-scope-vocabolary.php` file. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For SLIMS (Senayan Library Management Systems) 9 Bulian version 9.6.1, consider restricting access to the `pop-scope-vocabolary.php` file until a patch is available. Avoid using this file in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SLiMS versions prior to 9.6.2 **Description** The issue allows for SQL injection, potentially enabling a remote attacker to obtain sensitive information and execute arbitrary code. This can be achieved by crafting a script to the date parameter in the staff act.php file, specifically via the `startDate` or `untilDate` parameters. **Recommendations** For versions prior to 9.6.2, update to a version that contains a fix for this issue to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the staff act.php file or limiting the input for the `startDate` and `untilDate` parameters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Senayan Library Management Systems Slims version 9 Senayan Library Management Systems Bulian version 9.6.1 **Description** The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the `reborrowLimit` parameter in the "member type.php" endpoint. **Recommendations** For Senayan Library Management Systems Slims version 9, update to a version that fixes the SQL injection vulnerability. For Senayan Library Management Systems Bulian version 9.6.1, update to a version that fixes the SQL injection vulnerability. As a temporary workaround, consider restricting access to the `member type.php` endpoint to minimize the risk of exploitation.