Akasia

akasia

Vendor: Slims • 2 CVEs

CVEs (2)

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

1Slims

1Akasia

May 13, 2026

Aug 6, 2017

N/A· v4

6.5 MEDIUM· v3

4.0 MEDIUM· v2

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.

1Slims

1Akasia

May 13, 2026

Aug 6, 2017

N/A· v4

8.8 HIGH· v3

6.5 MEDIUM· v2

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authen...Show more

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.Show less