VYPR
Unrated severity · NVD Advisory · Published Aug 9, 2023 · Updated Oct 10, 2024

CVE-2022-48581

Description

A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in ScienceLogic SL1's 'dash export' feature allows arbitrary OS command execution.

Vulnerability

A command injection vulnerability exists in the 'dash export' feature of ScienceLogic SL1 (versions <= 11.1.2). The feature takes unsanitized user-controlled input and passes it directly to a shell command, allowing injection of arbitrary commands [1].

Exploitation

An attacker with network access and the ability to use the dash export feature can craft malicious input containing shell metacharacters. When the export function is invoked, the unsanitized input is passed to a shell command, executing the attacker's injected commands [1].

Impact

Successful exploitation allows arbitrary command execution on the underlying operating system with the privileges of the ScienceLogic SL1 process. This can lead to complete system compromise, including data exfiltration, installation of backdoors, or lateral movement [1].

Mitigation

Update to the latest version of ScienceLogic SL1 (beyond 11.1.2). The vendor has released a fix; users should apply the update promptly. No workarounds are mentioned [1].

References
  1. CVE-2022-48581

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
