Vulnerabilities > Sciencelogic > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2022-48591 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48592 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48593 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48594 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48595 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48596 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48597 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48598 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48599 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48600 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8