PoC details: 56a66c3321ad247747632a2f8e9f75542a846b35

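Source
Related vulnerability
Title: ScienceLogic SL1 SQL injection vulnerability (CVE-2025-58780)
Description: ScienceLogic SL1 is an application from ScienceLogic. It connects your estate together and automates multi-directional data flows and workflows. ScienceLogic SL1 versions prior to 12.1.1 contain a SQL injection vulnerability, which stems from parameter manipulation leading to SQL injection.
Description
SQLi in ScienceLogic
Introduction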
# CVE-2025-58780
# Vulnerability Disclosure: SQL Injection in ScienceLogic 

## Overview
This document outlines a responsibly disclosed SQL injection vulnerability found in ScienceLogic's web platform. The vulnerability has been reported to the project maintainers in accordance with responsible disclosure practices to ensure timely mitigation and protection of users.

## Vulnerability Details
- **Type**: SQL Injection
- **Component**: index.em7 file in ScienceLogic web platform
- **CVE ID**: CVE-2025-58780
- **Discovered By**: Gareth Catterall
- **Discovery Date**: 2023
- **Reported Date**: 2023
- **Vendor**: ScienceLogic
- **Impact**: High

### Description
An SQL injection vulnerability was identified in ScienceLogic's web platform, specifically in the index.em7 file. A parameter passed as part of a request can be supplied with SQL statements, allowing an attacker to manipulate the database request and potentially gain unauthorized access to sensitive data or control over the database.

### Affected Versions
- **Affected Product Code Base**: ScienceLogic - All versions prior to 12.1.1
- **Unaffected Versions**: ScienceLogic v12.1.1 and later (fixed in this version)


### Proof of Concept
 - disclosed to vendor


## Mitigation
- **Users**: Upgrade to ScienceLogic version 12.1.1 or later to mitigate the vulnerability.
- **Maintainers**: The issue has been fixed by ScienceLogic in version 12.1.1.

## Responsible Disclosure Policy
This vulnerability was disclosed following responsible disclosure principles:
- Reported privately to ScienceLogic maintainers.
- Allowed reasonable time for a patch to be developed and deployed.
- Avoided sharing exploit details publicly until a patch was available.


## Acknowledgments
Thanks to ScienceLogic for their cooperation in addressing this vulnerability promptly.
 - https://docs.sciencelogic.com/release_notes_html/Content/12-1-1/12-1-1_release_notes.htm#New_Features_in_12-1-1

File snapshot

[4.0K] /data/pocs/56a66c3321ad247747632a2f8e9f75542a846b35
└── [1.9K] README.md

0 directories, 1 file