CVE-2022-48591

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89

Summary

CVE-2022-48591 is a SQL injection vulnerability in the "vendor print report" feature of ScienceLogic SL1. The vendor_state parameter accepts user-controlled input and incorporates it, unsanitized and without proper validation, into SQL queries. An attacker can exploit this to inject arbitrary SQL code, potentially gaining unauthorized access to sensitive data or damaging the database. This poses a significant risk to organizations using ScienceLogic SL1 and underlines the importance of input validation and SQL query sanitization.
