270 matches found
Command injection
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
SQL injection
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
SQL injection
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Command injection
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
SQL injection
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
SQL injection
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
Command injection
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
SQL injection
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48593
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48593
CVE-2022-48593 affects ScienceLogic SL1, specifically the Topology Data Service feature, where unsanitized user input is passed directly into a SQL query, enabling SQL injection. Public sources consistently describe this as a high-severity, network-based risk with high confidentiality, integrity, ...
CVE-2022-48592
A SQL injection vulnerability exists in the vendorcountry parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVE-2022-48592
ScienceLogic SL1 has a SQL injection in the vendor_country/vendor country parameter of the “vendor print report” feature, caused by unsanitized user input passed directly to a SQL query. The related connected sources confirm vulnerable input handling and SQL execution, impacting confidentiality a...
CVE-2022-48591
A SQL injection vulnerability exists in the vendorstate parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVE-2022-48591
CVE-2022-48591 describes a SQL injection in the ScienceLogic SL1 product, arising from the vendor_state parameter used by the “vendor print report” feature. The vulnerability occurs when unsanitized user input is passed directly into a SQL query, allowing arbitrary SQL execution against the datab...
CVE-2022-48590
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48590
CVE-2022-48590 affects ScienceLogic SL1, specifically the admin dynamic app mib errors feature. The root cause is unsanitized user-controlled input being passed directly into a SQL query, enabling SQL injection. Impact is high on confidentiality, integrity, and availability, with CVSSv3.1 base sc...
CVE-2022-48589
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...