Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48581 | 1 Sciencelogic | 1 Sl1 | 2024-02-28 | N/A | 8.8 HIGH |
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
CVE-2022-48586 | 1 Sciencelogic | 1 Sl1 | 2024-02-28 | N/A | 8.8 HIGH |
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
CVE-2022-48589 | 1 Sciencelogic | 1 Sl1 | 2024-02-28 | N/A | 8.8 HIGH |
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
CVE-2022-48593 | 1 Sciencelogic | 1 Sl1 | 2024-02-28 | N/A | 8.8 HIGH |
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
CVE-2022-48600 | 1 Sciencelogic | 1 Sl1 | 2024-02-28 | N/A | 8.8 HIGH |
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. |