CVE-2022-48582
Description
A command injection vulnerability exists in the ticket report generate feature of ScienceLogic SL1, which takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in ScienceLogic SL1 ticket report generation allows arbitrary OS command execution via unsanitized input.
Vulnerability
A command injection vulnerability exists in the ticket report generate feature of ScienceLogic SL1 (versions <= 11.1.2). The feature takes unsanitized user-controlled input and passes it directly to a shell command, allowing injection of arbitrary operating system commands [1].
Exploitation
An attacker with access to the ticket report generate functionality can craft malicious input containing shell metacharacters. The input is not sanitized before being passed to a shell command, enabling the attacker to execute arbitrary commands on the underlying operating system [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands with the privileges of the ScienceLogic SL1 application, potentially leading to full compromise of the affected system, including data exfiltration, installation of malware, or lateral movement [1].
Mitigation
ScienceLogic recommends updating to the latest version of SL1. The vulnerability affects versions <= 11.1.2; users should upgrade to a patched release. No workaround is provided in the advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- ScienceLogic/SL 1, v5, Range: 11.1.2
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.