270 matches found
Sql injection
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Sql injection
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Sql injection
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Sql injection
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Sql injection
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Sql injection
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Sql injection
A SQL injection vulnerability exists in the vendorstate parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
Sql injection
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48604
CVE-2022-48604 affects ScienceLogic SL1, with a SQL injection in the “logging export” feature where unsanitized user input is passed into a SQL query. Multiple sources (including CNNVD and Red Hat) indicate vulnerable versions include SL1 up to at least 11.1.2 (and prior); PT-Security notes no ex...
CVE-2022-48604
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48604
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48603
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48603
The CVE-2022-48603 entry describes a SQL injection vulnerability in ScienceLogic SL1’s “message viewer iframe” feature, where unsanitized user input is passed directly into a SQL query. Affected component: ScienceLogic SL1 (message viewer iframe). Root cause: lack of input sanitization before SQL...
CVE-2022-48603
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48602
CVE-2022-48602 describes a SQL injection in ScienceLogic SL1's “message viewer print” feature, where unsanitized user-controlled input is passed directly to a SQL query. The affected product is ScienceLogic SL1; the vulnerability stems from lack of input validation in that function, enabling inje...
CVE-2022-48602
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48602
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48601
CVE-2022-48601 describes a SQL injection in the ScienceLogic SL1 product, specifically the network print report feature where unsanitized input is passed directly to a SQL query. The vulnerability is documented with a high impact (CVSS 3.1 base score 8.8) and network access with low privileges. C...
CVE-2022-48601
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48600
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...