CVE-2022-48592
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2022-48593 is a SQL injection vulnerability affecting the "topology data service" feature in ScienceLogic SL1. The issue arises due to unsanitized user-controlled input being directly incorporated into SQL queries, enabling attackers to inject arbitrary SQL code before the query is executed against the database. This vulnerability poses a significant risk, as unauthorized SQL queries can lead to unauthorized data access, modification, or even database server takeover. It is crucial for ScienceLogic SL1 users to apply the necessary patches or updates to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.