CVE-2023-3744

Source
https://cve.org/CVERecord?id=CVE-2023-3744
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3744.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3744
Published
2023-10-02T13:50:31.607Z
Modified
2026-07-08T07:16:20.129376262Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Server-Side Request Forgery in SLiMS
Details

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3744.json",
    "cna_assigner": "INCIBE",
    "cwe_ids": [
        "CWE-918"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "9.6.0"
                },
                {
                    "last_affected": "9.6.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/slims/slims9_bulian

Affected ranges

Type
GIT
Repo
https://github.com/slims/slims9_bulian
Events
Database specific
{
    "cpe": "cpe:2.3:a:slims:senayan_library_management_system:9.6.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "9.6.0"
        },
        {
            "last_affected": "9.6.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

9.*
9.6.0
v9.*
v9.6.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3744.json"