CVE-2022-48601
Description
A SQL injection vulnerability exists in the “network print report” feature of ScienceLogic SL1, which takes unsanitized user-controlled input and passes it directly to a SQL query. This allows arbitrary SQL to be injected before the query is executed against the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A SQL injection vulnerability in ScienceLogic SL1's network print report allows unauthenticated attackers to execute arbitrary SQL queries.
Vulnerability
A SQL injection vulnerability exists in the “network print report” feature of ScienceLogic SL1 versions 11.1.2 and earlier. The feature takes unsanitized user-controlled input and passes it directly to a SQL query, allowing for the injection of arbitrary SQL before execution against the database [1].
Exploitation
An attacker can exploit this vulnerability by providing crafted input to the network print report feature. No authentication is required, as the feature is accessible to unauthenticated users. The input is not sanitized and is directly concatenated into a SQL query, enabling the attacker to inject malicious SQL commands [1].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands against the database. This can lead to unauthorized access, modification, or deletion of data, potentially resulting in full compromise of the application and underlying data [1].
Mitigation
ScienceLogic has released an update to address this vulnerability. Users should upgrade to the latest version of ScienceLogic SL1 (beyond 11.1.2). No other workarounds have been disclosed [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ScienceLogic/SL 1 (v5), Range: 11.1.2
Patches
No patches discovered yet.
References