SL1

CVEs (27)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-58780	ScienceLogic SL1	Hig	0.47	7.2	0.00		Sep 5, 2025	index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
CVE-2024-9537	ScienceLogic SL1		0.17	—	0.64	KEV	Oct 18, 2024	ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions…
CVE-2022-48604	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48603	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48602	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48601	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48600	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48599	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48598	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48597	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48596	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48595	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48594	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48593	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48592	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being…
CVE-2022-48591	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being…
CVE-2022-48590	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48589	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48588	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48587	ScienceLogic SL1		0.00	—	0.00		Aug 9, 2023	A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE-2025-58780HigSep 5, 2025
ScienceLogic
SL1
risk 0.47cvss 7.2epss 0.00
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
CVE-2024-9537KEVOct 18, 2024
ScienceLogic
SL1
risk 0.17cvss —epss 0.64
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions…
CVE-2022-48604Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48603Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48602Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48601Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48600Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48599Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48598Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48597Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48596Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48595Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48594Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48593Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48592Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being…
CVE-2022-48591Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being…
CVE-2022-48590Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48589Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48588Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the…
CVE-2022-48587Aug 9, 2023
ScienceLogic
SL1
risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Page 1 of 2