A SQL injection vulnerability exists in the “ticket queue...
High severity
Unreviewed
Published
Aug 9, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Aug 9, 2023
Published to the GitHub Advisory Database
Aug 9, 2023
Last updated
Apr 4, 2024
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References