Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sciencelogic Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48590 1 Sciencelogic 1 Sl1 2023-11-07 N/A 8.8 HIGH
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48585 1 Sciencelogic 1 Sl1 2023-11-07 N/A 8.8 HIGH
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48600 1 Sciencelogic 1 Sl1 2023-11-07 N/A 8.8 HIGH
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48582 1 Sciencelogic 1 Sl1 2023-08-11 N/A 8.8 HIGH
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48580 1 Sciencelogic 1 Sl1 2023-08-11 N/A 8.8 HIGH
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48581 1 Sciencelogic 1 Sl1 2023-08-11 N/A 8.8 HIGH
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.