History: Aug 09, 2023 - 6:09 p.m.

CVE-2022-48592

2023-08-09 18:09:37
CWE-78
Securifera
github.com
2
sql injection
sciencelogic sl1
vendor print report
vulnerability

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8
Confidence: Low

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of ScienceLogic SL1, which takes unsanitized user-controlled input and passes it directly to a SQL query. This allows arbitrary SQL to be injected into the query before it is executed against the database.

