CVE-2022-48591
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2022-48591 is a SQL injection vulnerability in the "vendor print report" feature of ScienceLogic SL1. The vendor_state parameter accepts unsanitized, user-controlled input, which is incorporated into SQL queries without proper validation. An attacker can exploit this to inject arbitrary SQL code, potentially gaining unauthorized access to sensitive data or causing damage to the database. This poses a significant risk to organizations using ScienceLogic SL1 and highlights the importance of input validation and SQL query sanitization.