ScienceLogic SL1 vulnerabilities
27 known vulnerabilities affecting sciencelogic/sl1.
Total CVEs: 27
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 26
Vulnerabilities
Page 2 of 2
CVE-2022-48592 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 11.1.2 | 2023-08-09
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48591 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 11.1.2 | 2023-08-09
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48600 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 11.1.2 | 2023-08-09
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48585 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 11.1.2 | 2023-08-09
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48593 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 11.1.2 | 2023-08-09
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48590 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 11.1.2 | 2023-08-09
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2025-58780 | P3 | HIGH | CVSS 7.2 | CWE-89 | fixed in 12.1.1 | 2025-09-05
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
nvd