270 matches found
CVE-2022-48589
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48589
CVE-2022-48589 is a SQL injection vulnerability in the ScienceLogic SL1 platform, specifically in the “reporting job editor”, which unsafely passes user-controlled input to SQL queries. The affected component is SL1’s reporting job editor; the root cause is unsanitized input reaching the database. The NVD ...
CVE-2022-48588
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48588
CVE-2022-48588 is a confirmed SQL injection vulnerability in the “schedule editor decoupled” feature of ScienceLogic SL1. Multiple connected sources (e.g., Red Hat CVE entry, CNVD-2023-66420, and others) describe that unsanitized, user-controlled input is passed directly into a SQL query, enabli...
CVE-2022-48587
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48587
CVE-2022-48587 affects ScienceLogic SL1, where the schedule editor passes unsanitized user input directly into SQL queries, enabling SQL injection. The vulnerability is confirmed across multiple sources/specifications and has a CVSS v3.1 base score of 8.8 (HIGH) with network attack vector, low at...
CVE-2022-48586
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48586
CVE-2022-48586 is a SQL injection vulnerability in the “json walker” feature of ScienceLogic SL1. The issue arises when unsanitized, user-controlled input is passed directly to a SQL query, enabling arbitrary SQL execution against the database. Connected sources corroborate a vulnerability in SL1...
CVE-2022-48585
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48585
CVE-2022-48585 maps to a SQL injection in the ScienceLogic SL1 admin brand portal. The vulnerability arises from unsanitized user input being passed directly to a SQL query, enabling arbitrary SQL execution. Multiple connected sources corroborate this weakness and describe affected software as Sc...
CVE-2022-48584
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
CVE-2022-48584
CVE-2022-48584 describes a command-injection in ScienceLogic SL1’s Download and Convert Reports feature. The vulnerability stems from unsanitized user-controlled input being passed to a shell command, enabling arbitrary command execution on the underlying OS. Documents specify affected software a...
CVE-2022-48583
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...
CVE-2022-48583
CVE-2022-48583 affects ScienceLogic SL1, specifically the dashboard scheduler component. The vulnerability arises from unsanitized user input being passed directly to a shell command, enabling command injection on the underlying OS. Affected information from connected sources confirms this is a u...