CVE-2022-48596
Description
A SQL injection vulnerability exists in the “ticket queue watchers” feature of ScienceLogic SL1, which takes unsanitized user-controlled input and passes it directly to a SQL query. This allows arbitrary SQL to be injected into the query before it is executed against the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ScienceLogic SL1 11.1.2 and earlier fail to sanitize user input in the ticket queue watchers feature, enabling pre-auth SQL injection.
Vulnerability
A SQL injection vulnerability exists in the “ticket queue watchers” feature of ScienceLogic SL1 versions up to and including 11.1.2 [1]. The application takes unsanitized user-controlled input and passes it directly to a SQL query, allowing an attacker to inject arbitrary SQL statements before the query is executed against the database [1]. No authentication or special privileges are required to reach the vulnerable code path [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the “ticket queue watchers” endpoint with malicious SQL payloads in the user-controlled parameters [1]. No authentication is necessary; the attacker only needs network access to the ScienceLogic SL1 web interface [1]. The request is processed without sanitization, and the injected SQL is executed as part of the original query [1].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands against the underlying database [1]. This can lead to unauthorized disclosure of sensitive data, manipulation of database content, and potentially full compromise of the ScienceLogic SL1 system [1]. The impact is severe due to the attacker gaining database-level access without authentication [1].
Mitigation
ScienceLogic SL1 versions 11.1.2 and earlier are affected. The vendor recommends updating to the latest version of ScienceLogic SL1 to resolve the vulnerability [1]. No workaround has been published; applying the vendor’s patch is the only known mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ScienceLogic/SL 1, v5, Range: 11.1.2
Patches
No patches discovered yet.