exploitDog

CVE-2022-48582

Опубликовано: 09 авг. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

Ссылки

https://www.securifera.com/advisories/cve-2022-48582/
Third Party Advisory
https://www.securifera.com/advisories/cve-2022-48582/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*

Версия до 11.1.2 (включая)

EPSS

Процентиль: 61%

0.0041

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-hpfj-hc4p-727p

CVSS3: 8.8

github

больше 2 лет назад

A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

EPSS

Процентиль: 61%

0.0041

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

CWE-78