CVE-2024-25288

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25288
SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md Exploit Third Party Advisory
https://github.com/slims/slims9_bulian/issues/229 Exploit Issue Tracking Vendor Advisory
https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md Exploit Third Party Advisory
https://github.com/slims/slims9_bulian/issues/229 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:slims:senayan_library_management_system:*:*:*:*:*:*:*:*
History

05 May 2025, 17:24

Type Values Removed Values Added
References () https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md - () https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md - Exploit, Third Party Advisory
References () https://github.com/slims/slims9_bulian/issues/229 - () https://github.com/slims/slims9_bulian/issues/229 - Exploit, Issue Tracking, Vendor Advisory
First Time Slims senayan Library Management System
Slims
CPE cpe:2.3:a:slims:senayan_library_management_system:*:*:*:*:*:*:*:*

21 Nov 2024, 09:00

Type Values Removed Values Added
References () https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md - () https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md -
References () https://github.com/slims/slims9_bulian/issues/229 - () https://github.com/slims/slims9_bulian/issues/229 -

16 Aug 2024, 17:35

Type Values Removed Values Added
CWE CWE-89
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.9

22 Feb 2024, 19:07

Type Values Removed Values Added
Summary
  • (es) SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 es vulnerable a la inyección SQL a través de pop-scope-vocabolary.php.

21 Feb 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-21 17:15

Updated : 2025-05-05 17:24

NVD link : CVE-2024-25288

Mitre link : CVE-2024-25288

CVE.ORG link : CVE-2024-25288

JSON object : View

Products Affected

slims

  • senayan_library_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')