CVE-2023-48893: SQL Injection
First published: Fri Dec 01 2023(Updated: )
SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SLiMS Senayan Library Management System | =9.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-48893?
CVE-2023-48893 is a SQL injection vulnerability in Senayan Library Management Systems Slims 9 Bulian v.9.6.1.
How does CVE-2023-48893 affect the software?
CVE-2023-48893 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the date parameter in the staff_act.php file.
What is the severity of CVE-2023-48893?
CVE-2023-48893 has a severity rating of 8.8 (high).
How can I fix CVE-2023-48893?
To fix CVE-2023-48893, you should update your Senayan Library Management Systems Slims to a version that has patched the SQL injection vulnerability.
Where can I find more information about CVE-2023-48893?
You can find more information about CVE-2023-48893 on the GitHub links provided: [GitHub Issue](https://github.com/slims/slims9_bulian/issues/209) and [GitHub Advisory](https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md).
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/slims
- canonical/slims senayan library management system
- version/slims senayan library management system/9.6.1