SQL Injection Vulnerability in SLiMS 8 Akasia (admin/AJAX_lookup_handler.php, admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php)

CVE-2017-12585 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
