Skip to main content

Akasia

2 CVEs product

Monthly

CVE-2017-12586 MEDIUM POC This Month

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Akasia
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12585 HIGH POC This Week

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Akasia
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Akasia
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Akasia
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy