CVE-2025-45819 is a medium-severity SQL Injection vulnerability affecting Slims (Senayan Library Management Systems) version 9 Bulian 9.6.1. The vulnerability exists in the admin/modules/master_file/author.php component of the application. SQL Injection (CWE-89) vulnerabilities allow attackers to manipulate backend SQL queries by injecting malicious input, potentially leading to unauthorized data access or modification. According to the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), the vulnerability can be exploited remotely over the network without any privileges or user interaction, with low attack complexity. The impact affects confidentiality and integrity but does not affect availability. No known exploits are currently reported in the wild, and no patches or vendor advisories are linked yet. Slims is an open-source library management system used by libraries to manage bibliographic data and user information. The vulnerable component likely handles author data management, which may contain sensitive or proprietary information. Exploiting this vulnerability could allow attackers to extract or alter author-related data, potentially exposing confidential information or corrupting library records. Given the lack of authentication requirements and the remote attack vector, this vulnerability poses a tangible risk to affected deployments until mitigated.

For European organizations, particularly libraries, educational institutions, and cultural heritage organizations using Slims 9 Bulian 9.6.1, this vulnerability could lead to unauthorized disclosure or tampering of bibliographic and user data. This may result in privacy violations, data integrity issues, and reputational damage. Since Slims is used to manage library resources and user records, exploitation could disrupt library operations or lead to data breaches involving personally identifiable information (PII) of patrons. Although availability is not directly impacted, the integrity loss could undermine trust in the system's data accuracy. Additionally, compromised data could be leveraged for further attacks or fraud. The lack of known exploits suggests the threat is not yet widespread, but the ease of exploitation and remote attack vector mean European organizations should act proactively to prevent potential incidents.

1. Immediate mitigation should include restricting access to the vulnerable author.php module to trusted administrators only, ideally via network segmentation or VPN access. 2. Implement input validation and parameterized queries or prepared statements in the affected code to prevent SQL injection. Since no official patch is currently available, organizations should review and sanitize all inputs in the author.php module manually. 3. Monitor logs for suspicious SQL query patterns or unexpected database errors related to author data management. 4. Conduct a thorough security audit of the Slims installation and consider upgrading to a newer, patched version once available. 5. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the vulnerable endpoint. 6. Educate administrative users on the risks and signs of exploitation attempts. 7. Regularly back up library data to enable recovery in case of data corruption or unauthorized changes.