PT-2023-15863 · Sciencelogic · Sciencelogic Sl1

B0Yd

Publicado

2023-08-09

Atualizado

2023-08-11

CVE-2022-48591

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ScienceLogic SL1 (affected versions not specified)

Description A SQL injection issue exists in the vendor state parameter of the "vendor print report" feature, allowing arbitrary SQL injection before execution against the database. This occurs because the feature takes unsanitized user-controlled input and passes it directly to a SQL query.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-89

Identificadores relacionados

CVE-2022-48591

Produtos afetados

Sciencelogic Sl1

PT-2023-15863 · Sciencelogic · Sciencelogic Sl1

CVE-2022-48591

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5