CVE-2011-5050

Cyberoam Unified Threat Management < 10.01.2 - Authenticated SQL Injection via tableid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5050. PoCs published by Benjamin Kunz Mejri.

AI-analyzed exploit summary: The provided text describes an SQL injection vulnerability in Cyberoam UTM, where the 'tableid' parameter in the URL is not properly sanitized. This allows attackers to inject malicious SQL queries, potentially compromising the application or underlying database.

Description

SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Benjamin Kunz Mejri · text · webapps · php
https://www.exploit-db.com/exploits/36473

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Cyberoam UTM
No auth needed
Prerequisites: Access to the vulnerable URL endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References (4)
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47304
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77986
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71920

Scores

EPSS 0.0092
EPSS Percentile 55.3%

Details

CWE: CWE-89
Status published
Products (5)
elitecore/cyberoam_unified_threat_management 10.00 build0309
elitecore/cyberoam_unified_threat_management 10.01 build0667
elitecore/cyberoam_unified_threat_management cr300i 10
elitecore/cyberoam_unified_threat_management cr500i 10
elitecore/cyberoam_unified_threat_management < 10.01.0
Published Jan 04, 2012
Tracked Since Feb 18, 2026