CVE-2022-48592

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89

Summary

CVE-2022-48593 is a SQL injection vulnerability affecting the "topology data service" feature in ScienceLogic SL1. The issue arises due to unsanitized user-controlled input being directly incorporated into SQL queries, enabling attackers to inject arbitrary SQL code before the query is executed against the database. This vulnerability poses a significant risk, as unauthorized SQL queries can lead to unauthorized data access, modification, or even database server takeover. It is crucial for ScienceLogic SL1 users to apply the necessary patches or updates to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share