CVE-2022-48586

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89

Summary

CVE-2022-48586 is a SQL injection vulnerability affecting the "json walker" feature of ScienceLogic SL1. Unsanitized user-controlled input is directly incorporated into SQL queries, enabling attackers to inject malicious SQL code before they are executed against the database. This flaw poses a significant risk, as it allows unauthorized access, data manipulation, and potential data exfiltration. The vulnerability underscores the importance of input sanitization and SQL query validation in securing database systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share