SQL Injection Vulnerability in ScienceLogic SL1 Admin Brand Portal
CVE-2022-48585

8.8HIGH

Key Information:

Vendor: Sciencelogic
Status: Sl 1
Vendor: CVE Published:; 9 August 2023

🔔 Create Sciencelogic Vulnerability Alert

What is CVE-2022-48585?

A SQL injection issue has been identified within the admin brand portal of ScienceLogic SL1. This vulnerability arises from the failure to properly sanitize user inputs before they are utilized in SQL queries, enabling attackers to inject arbitrary SQL code. If successfully exploited, this may lead to unauthorized data access or manipulation, posing a significant risk to the integrity and confidentiality of the underlying database.

Affected Version(s)

SL 1 11.1.2

References

https://www.securifera.com/advisories/cve-2022-48585/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2023
Vulnerability Reserved
Aug 9, 2023

Credit

Ryan Wincey @rwincey @Securifera

JSON