CVE-2011-0960

Cisco Unified Operations Manager < 8.6 - SQL Injection via CCMs or ccm Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0960. PoCs published by Sense of Security.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Cisco Unified Operations Manager, including blind SQL injection, reflected XSS, and directory traversal. It provides specific exploit paths and technical details for each CVE.

Description

Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sense of Security · textremotewindows

https://www.exploit-db.com/exploits/17304

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Cisco Unified Operations Manager, including blind SQL injection, reflected XSS, and directory traversal. It provides specific exploit paths and technical details for each CVE.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Cisco Unified Operations Manager 8.0 and 8.5

Auth required

Prerequisites: Authenticated access to the target system

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/47898

Vendor Advisory x_refsource_confirm

http://tools.cisco.com/security/center/viewAlert.x?alertId=23086

Exploit, URL Repurposed x_refsource_misc

http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/17304

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/67522

Scores

EPSS 0.0378

EPSS Percentile 88.5%

Details

CWE

CWE-89

Status published

Products (10)

cisco/unified_operations_manager 1.1

cisco/unified_operations_manager 2.0

cisco/unified_operations_manager 2.0.1

cisco/unified_operations_manager 2.0.2

cisco/unified_operations_manager 2.0.3

cisco/unified_operations_manager 2.1

cisco/unified_operations_manager 2.2

cisco/unified_operations_manager 2.3

cisco/unified_operations_manager 8.0

cisco/unified_operations_manager < 8.5

Published May 20, 2011

Tracked Since Feb 18, 2026