CVE-2022-48585
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89
Summary
CVE-2022-48585 is a SQL injection vulnerability affecting the "admin brand portal" feature in ScienceLogic SL1. Unsanitized user input is taken and directly incorporated into SQL queries, enabling attackers to inject malicious SQL code and execute arbitrary queries against the database. This weakness poses a significant risk, as it could lead to unauthorized access or data manipulation. Users are advised to apply the relevant patch as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share