ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66412)

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL statements in the json walker functionality, and can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data.