CVE-2011-5050

Summary

CVE	CVE-2011-5050
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-01-04 19:55:00 UTC
Updated	2017-08-29 01:30:00 UTC
Description	SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.

Risk And Classification

Problem Types: CWE-89

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Elitecore	Cyberoam Unified Threat Management	10.00	build0309	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	10.01	build0667	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	cr300i	10	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	cr500i	10	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	10.00	build0309	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	10.01	build0667	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	cr300i	10	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	cr500i	10	All	All
Hardware	Elitecore	Cyberoam Unified Threat Management	All	build0739	All	All

References

Reference	Source	Link	Tags
Security Advisory SA47304 - Cyberoam UTM "tableid" SQL Injection Vulnerability - Secunia	SECUNIA	secunia.com	Vendor Advisory
403 Forbidden	MISC	www.vulnerability-lab.com	Exploit
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
77986	OSVDB	osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.