SQLi in ScienceLogic
# CVE-2025-58780
# Vulnerability Disclosure: SQL Injection in ScienceLogic
## Overview
This document outlines a responsibly disclosed SQL injection vulnerability found in ScienceLogic's web platform. The vulnerability has been reported to the project maintainers in accordance with responsible disclosure practices to ensure timely mitigation and protection of users.
## Vulnerability Details
- **Type**: SQL Injection
- **Component**: index.em7 file in ScienceLogic web platform
- **CVE ID**: CVE-2025-58780
- **Discovered By**: Gareth Catterall
- **Discovery Date**: 2023
- **Reported Date**: 2023
- **Vendor**: ScienceLogic
- **Impact**: High
### Description
An SQL injection vulnerability was identified in ScienceLogic's web platform, specifically in the index.em7 file. A parameter passed as part of a request can be supplied with SQL statements, allowing an attacker to manipulate the database request and potentially gain unauthorized access to sensitive data or control over the database.
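One way to triage web access logs for the behaviour described above, as an added example that is not part of the original advisory or of ScienceLogic's code. The log lines are constructed, the parameter name `p1` is a placeholder (the advisory does not name the affected parameter), and the patterns are generic SQL-syntax heuristics rather than a signature for this CVE.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Generic markers of SQL syntax inside a decoded parameter value (heuristic, not exhaustive).
SQL_MARKERS = re.compile(
    r"""
    ['"]\s*(?:or|and)\b                            # quote closing a literal, then a boolean operator
    | \bunion\b.+\bselect\b                        # UNION ... SELECT
    | --|/\*                                       # SQL comment tokens
    | ;\s*(?:select|insert|update|delete|drop)\b   # stacked statement
    """,
    re.IGNORECASE | re.VERBOSE,
)
# Combined/common log format: client ... "METHOD target HTTP/x" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[^"]*" (\d{3})')

def suspicious_requests(lines, page="index.em7"):
    """Return (client, parameter, decoded value, status) for requests to `page`
    whose query string carries SQL syntax. Only the query string is inspected:
    access logs do not record POST bodies."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + page):
            continue
        # parse_qsl percent-decodes values and turns '+' into a space.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_MARKERS.search(value):
                hits.append((client, name, value, int(status)))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder parameter "p1").
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.em7?p1=dashboard HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /index.em7?p1=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 7314',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.em7?p1=1+UNION+SELECT+NULL--+- HTTP/1.1" 500 312',
    '203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "GET /other.php?p1=1%27+OR+1%3D1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not proof of exploitation; on versions prior to 12.1.1 it is a reason to prioritise the upgrade and examine database activity from the same time window.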
### Affected Versions
- **Affected Product Code Base**: ScienceLogic - All versions prior to 12.1.1
- **Unaffected Versions**: ScienceLogic v12.1.1 and later (fixed in this version)
### Proof of Concept
- Disclosed to vendor.
## Mitigation
- **Users**: Upgrade to ScienceLogic version 12.1.1 or later to mitigate the vulnerability.
- **Maintainers**: The issue has been fixed by ScienceLogic in version 12.1.1.
## Responsible Disclosure Policy
This vulnerability was disclosed following responsible disclosure principles:
- Reported privately to ScienceLogic maintainers.
- Allowed reasonable time for a patch to be developed and deployed.
- Avoided sharing exploit details publicly until a patch was available.
## Acknowledgments
Thanks to ScienceLogic for their cooperation in addressing this vulnerability promptly.
- https://docs.sciencelogic.com/release_notes_html/Content/12-1-1/12-1-1_release_notes.htm#New_Features_in_12-1-1