CVE-2022-45019 is a high-severity SQL injection vulnerability identified in SLiMS 9 Bulian version 9.5.0, an open-source library management system widely used for managing digital and physical library resources. The vulnerability arises from improper sanitization of the 'keywords' parameter, which allows an attacker to inject malicious SQL code into database queries. This flaw enables remote attackers to execute arbitrary SQL commands without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability impacts the confidentiality of the database, allowing unauthorized disclosure of sensitive information stored within the system, such as user data, library records, and potentially administrative credentials. However, the integrity and availability of the system are not directly affected by this vulnerability. The ease of exploitation is high due to the lack of required privileges and user interaction, making it a critical concern for organizations relying on SLiMS 9 Bulian 9.5.0. No known public exploits have been reported yet, and no official patches or vendor advisories are currently available. The vulnerability is classified under CWE-89, which corresponds to SQL injection, a common and dangerous web application security flaw. Given the nature of the vulnerability, attackers could leverage it to extract sensitive data or perform further attacks on the underlying database infrastructure.

For European organizations using SLiMS 9 Bulian 9.5.0, this vulnerability poses a significant risk to the confidentiality of their library management data. Libraries, educational institutions, and cultural organizations that rely on this software could face unauthorized data disclosure, including personal information of patrons, borrowing records, and internal operational data. Such breaches could lead to privacy violations under GDPR, reputational damage, and potential legal consequences. Although the vulnerability does not directly affect system integrity or availability, the exposure of sensitive data could facilitate subsequent attacks or unauthorized access to other connected systems. Given that SLiMS is often deployed in academic and public sector environments, the impact could extend to critical information infrastructure supporting research and education. The lack of authentication or user interaction requirements increases the likelihood of automated exploitation attempts, potentially leading to widespread compromise if not addressed promptly.

Organizations should immediately audit their SLiMS 9 Bulian installations to determine if version 9.5.0 is in use. In the absence of an official patch, administrators should implement the following specific mitigations: 1) Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the 'keywords' parameter. 2) Restrict database user permissions to the minimum necessary, avoiding use of highly privileged accounts for the application to limit the impact of a successful injection. 3) Conduct input validation and sanitization at the application level, applying parameterized queries or prepared statements if possible, to prevent injection. 4) Monitor logs for unusual query patterns or error messages indicative of injection attempts. 5) Consider isolating the SLiMS server within a segmented network zone to reduce exposure. 6) Engage with the SLiMS community or maintainers to track the release of official patches and apply them promptly once available. 7) As a longer-term measure, evaluate alternative library management solutions with stronger security postures if timely remediation is not feasible.