VAR-201302-0005
Vulnerability from variot - Updated: 2025-04-11 23:19SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. Further research conducted by the vendor indicates this issue may not be a vulnerability affecting the application. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201302-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aventail sra ex9000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex7000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex virtual appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex6000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex6000",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex7000",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail sra ex9000",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "aventail",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "50702"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sonicwall:aventail_sra_ex_virtual_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sonicwall:aventail_sra_ex6000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sonicwall:aventail_sra_ex7000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sonicwall:aventail_sra_ex9000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asheesh Anaconda",
"sources": [
{
"db": "BID",
"id": "50702"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
}
],
"trust": 0.9
},
"cve": "CVE-2011-5262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-5262",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-53207",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5262",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-5262",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-53207",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53207"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nA successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. \nFurther research conducted by the vendor indicates this issue may not be a vulnerability affecting the application. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5262"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "BID",
"id": "50702"
},
{
"db": "VULHUB",
"id": "VHN-53207"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-53207",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53207"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5262",
"trust": 2.8
},
{
"db": "BID",
"id": "50702",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "77484",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "18122",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-72337",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-53207",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53207"
},
{
"db": "BID",
"id": "50702"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"id": "VAR-201302-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-53207"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:19:32.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SonicWALL Aventail",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/en/products/EX_Series.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53207"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/50702"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/18122"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/77484"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5262"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5262"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com/us/products/ex_series.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53207"
},
{
"db": "BID",
"id": "50702"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-53207"
},
{
"db": "BID",
"id": "50702"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-53207"
},
{
"date": "2011-11-17T00:00:00",
"db": "BID",
"id": "50702"
},
{
"date": "2013-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"date": "2013-02-12T20:55:03.777000",
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-53207"
},
{
"date": "2013-02-14T12:21:00",
"db": "BID",
"id": "50702"
},
{
"date": "2013-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001562"
},
{
"date": "2013-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-323"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-5262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWALL Aventail In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-323"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…