CVE-2022-48600

CVE-2022-48600 is a SQL injection vulnerability in the notes view feature of ScienceLogic SL1. The flaw accepts unsanitized user-controlled input which is passed directly to a SQL query, enabling arbitrary SQL execution against the database. Documents indicate the issue affects SL1 versions up to...

CVE-2022-48600

A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48599

ScienceLogic SL1 is affected by a SQL injection in the reporter events type feature, where unsanitized user input is passed directly into a SQL query. The vulnerability arises from improper input handling in the reporter events type function, enabling arbitrary SQL execution against the database....

CVE-2022-48599

A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48599

A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48598

ScienceLogic SL1 is affected by a SQL injection in the reporter events type date feature, caused by unsanitized user input passed directly to SQL queries. Root cause: lack of input validation/escaping. Impact: high on confidentiality, integrity, and availability per CVSS 3.1. A fix/affected versi...

CVE-2022-48598

A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48598

A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48597

CVE-2022-48597 describes a SQL injection in ScienceLogic SL1, specifically in the “ticket event report” feature where unsanitized, user-controlled input is passed directly to a SQL query. The root cause is lack of input sanitization/validation in that feature, enabling arbitrary SQL execution aga...

CVE-2022-48597

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48597

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48596

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48596

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48596

Affected software: ScienceLogic SL1. Vulnerability: SQL injection in the “ticket queue watchers” feature that uses unsanitized user input directly in SQL queries. Impact (as described): potential of injecting arbitrary SQL into the database; high severity per CVE metrics. Versions/scope: reports ...

CVE-2022-48595

ScienceLogic SL1 is affected by a SQL injection in the ticket template watchers feature. The vulnerability arises from unsanitized user-controlled input being passed directly to SQL queries, enabling injection of arbitrary SQL against the backend database. Known details indicate affected software...

CVE-2022-48595

A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48595

A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48594

The CVE-2022-48594 entry concerns ScienceLogic SL1, specifically the ticket watchers email feature. The vulnerability arises because unsanitized user-controlled input is passed directly into a SQL query, enabling SQL injection. Affected software is ScienceLogic SL1; the vulnerability is rooted in...

CVE-2022-48594

A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48594

A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...