CVE-2011-5262

SonicWALL Aventail SRA EX - SQL Injection via prodpage.cfm CategoryID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5262. PoCs published by Asheesh kumar.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in SonicWALL Aventail SSL-VPN. It provides a vulnerable URL endpoint but lacks executable exploit code or payload details.

Description

SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

Exploits (1)

exploitdb WRITEUP

by Asheesh kumar · textwebappshardware

https://www.exploit-db.com/exploits/18122

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in SonicWALL Aventail SSL-VPN. It provides a vulnerable URL endpoint but lacks executable exploit code or payload details.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: SonicWALL Aventail SSL-VPN

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18122

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/50702

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/77484

Scores

EPSS 0.0111

EPSS Percentile 61.5%

Details

CWE

CWE-89

Status published

Products (4)

sonicwall/aventail_sra_ex6000

sonicwall/aventail_sra_ex7000

sonicwall/aventail_sra_ex9000

sonicwall/aventail_sra_ex_virtual_appliance

Published Feb 12, 2013

Tracked Since Feb 18, 2026