CVE-2011-5169
Description
SQL injection in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.
Vulnerability
A SQL injection vulnerability exists in SonicWall ViewPoint 6.0 SP2 within the sgms/reports/scheduledreports/configure/scheduleProps.jsp file. The vulnerability stems from insufficient sanitization of user-supplied data in the scheduleID parameter, which is used in an SQL query. [1]
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted scheduleID parameter containing SQL commands to the scheduleProps.jsp endpoint. The attacker does not require any special privileges or user interaction to trigger the vulnerability. [1]
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands on the underlying database. This could lead to the compromise of the application, unauthorized access to or modification of sensitive data, or the exploitation of other latent vulnerabilities within the database. [1]
Mitigation
SonicWall ViewPoint 6.0 SP2 is confirmed to be vulnerable. Information regarding a fixed version or specific mitigation steps is not yet disclosed in the available references. [1]
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:a:dell:sonicwall_viewpoint:6.0:sp2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.