{"vulnerability": "CVE-2022-4858", "sightings": [{"uuid": "87722cb1-d770-41ec-ab6a-1d4973b67742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48587", "type": "seen", "source": "https://t.me/cibsecurity/68111", "content": "\u203c CVE-2022-48587 \u203c\n\nA SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:08.000000Z"}, {"uuid": "3934d662-1c8c-4298-9c76-d4c077c802a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48589", "type": "seen", "source": "https://t.me/cibsecurity/68116", "content": "\u203c CVE-2022-48589 \u203c\n\nA SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. 
This allows for the injection of arbitrary SQL before being executed against the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:16.000000Z"}, {"uuid": "966b5935-ce96-4537-bd1b-1d48821e4f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48585", "type": "seen", "source": "https://t.me/cibsecurity/68112", "content": "\u203c CVE-2022-48585 \u203c\n\nA SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:09.000000Z"}, {"uuid": "d2a890b3-dfe2-411b-a2cc-c226ebac7409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48580", "type": "seen", "source": "https://t.me/cibsecurity/68121", "content": "\u203c CVE-2022-48580 \u203c\n\nA command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. 
This allows for the injection of arbitrary commands to the underlying operating system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T22:15:24.000000Z"}, {"uuid": "bde86009-b525-4f06-ab18-71001d89b27c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4858", "type": "seen", "source": "https://t.me/cibsecurity/55562", "content": "\u203c CVE-2022-4858 \u203c\n\nInsertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-30T14:14:14.000000Z"}]}