CVE-2022-48596
CVE-2022-48596 | b0yd | 2023-08-09T18:22:17+00:00
The following vulnerability was found in ScienceLogic SL1.
CVE-2022-48596
A SQL injection vulnerability exists in the “ticket queue watchers” feature of ScienceLogic SL1, which takes unsanitized user-controlled input and passes it directly to a SQL query. This allows arbitrary SQL to be injected into the query before it is executed against the database.
- ScienceLogic SL1 <= 11.1.2
Update to the latest version of ScienceLogic SL1.
- 09.06.2022: Notified vendor of vulnerability
- 10.04.2022: Vendor hires law firm to manage disclosure
- 10.28.2023: Vendor refuses CVE issuance and disclosure
- 11.28.2022: Vendor’s legal team strongly advises against disclosing to MITRE
- 06.07.2023: Vendor notified of intent to issue CVEs and disclose vulnerabilities
- 08.09.2023