Vulnerabilities (CVE)

Filtered by vendor Slims Subscribe
Filtered by product Akasia
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12586 1 Slims 1 Akasia 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
CVE-2017-12585 1 Slims 1 Akasia 2024-11-21 6.5 MEDIUM 8.8 HIGH
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.