CVE-2022-48595
Description
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A SQL injection flaw in ScienceLogic SL1's ticket template watchers allows unauthenticated attackers to execute arbitrary SQL queries.
Vulnerability
The "ticket template watchers" feature in ScienceLogic SL1 versions up to and including 11.1.2 contains a SQL injection vulnerability [1]. User-controlled input is not sanitized before being passed directly to a SQL query, enabling arbitrary SQL injection [1].
Exploitation
An attacker with network access to the ScienceLogic SL1 application can exploit this by supplying crafted input to the affected feature. No authentication is explicitly required to reach the vulnerable code path, and the input is processed server-side before execution against the database [1].
Impact
Successful exploitation allows an attacker to inject arbitrary SQL queries, potentially leading to data exfiltration, modification, or deletion. The impact is limited to the database layer, but full database compromise is possible [1].
Mitigation
ScienceLogic has released a fix for this vulnerability in version 11.1.2 or later [1]. Users should upgrade to the latest version of ScienceLogic SL1 to remediate. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- ScienceLogic/SL 1v5Range: 11.1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.