CVE-2022-48583
Description
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection flaw in the ScienceLogic SL1 dashboard scheduler allows unauthenticated arbitrary OS command execution.
Vulnerability
A command injection vulnerability exists in the dashboard scheduler feature of ScienceLogic SL1 versions up to and including 11.1.2 [1]. The scheduler takes unsanitized user-controlled input and passes it directly to a shell command, allowing injection of arbitrary operating system commands [1].
Exploitation
An attacker does not require authentication to exploit this vulnerability [1]. The attacker can send specially crafted input to the dashboard scheduler endpoint, which is not properly sanitized, resulting in the execution of arbitrary shell commands on the underlying system [1].
Impact
Successful exploitation enables an unauthenticated attacker to achieve arbitrary command execution as the user running the ScienceLogic SL1 application [1]. This can lead to full compromise of the confidentiality, integrity, and availability of the affected system and its data [1].
Mitigation
Users should update to the latest version of ScienceLogic SL1 [1]. The vendor was notified and a fix is available [1]. No workaround or KEV listing was published in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- ScienceLogic/SL 1, v5, Range: 11.1.2
Patches
No patches discovered yet.
References (1)
News mentions
No linked articles in our index yet.