SQL Injection Vulnerability in ScienceLogic SL1 Product from ScienceLogic
CVE-2022-48602

8.8HIGH

Key Information:

Vendor

Sciencelogic

Status
Sl 1
Vendor
CVE Published:
9 August 2023

What is CVE-2022-48602?

A vulnerability has been identified in the ScienceLogic SL1's 'message viewer print' feature, which improperly handles user input. This flaw allows malicious users to insert arbitrary SQL commands into a query, potentially compromising the integrity and confidentiality of the database. By exploiting this weakness, an attacker can manipulate database queries to retrieve unauthorized data, perform administrative operations, or disrupt services, thereby posing significant risks to data security.

Affected Version(s)

SL 1 11.1.2

References

https://www.securifera.com/advisories/cve-2022-48602/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ryan Wincey @rwincey @Securifera
.