Description
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-51276 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. |
References
| Link | Providers |
|---|---|
| https://www.securifera.com/advisories/cve-2022-48580/ |
|
History
Thu, 10 Oct 2024 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: Securifera
Published:
Updated: 2024-10-10T14:54:53.574Z
Reserved: 2023-08-09T16:58:35.310Z
Link: CVE-2022-48580
Updated: 2024-08-03T15:17:55.308Z
Status : Modified
Published: 2023-08-09T18:15:10.540
Modified: 2026-06-17T05:15:38.577
Link: CVE-2022-48580
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD