cvebase

ScienceLogic SL1 vulnerabilities

27 known vulnerabilities affecting sciencelogic/sl1.

Total CVEs: 27
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 26

Vulnerabilities

Page 2 of 2
CVE-2022-48592 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CWE-78. A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48591 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CWE-78. A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48600 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CWE-78. A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48585 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CWE-78. A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48593 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CWE-78. A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48590 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CWE-78. A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2025-58780 | P3 | HIGH | CVSS 7.2 | fixed in 12.1.1 | 2025-09-05
CWE-89. index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
nvd