Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1653

CWE-89 SQL Injection
5 documents, 5 sources
Severity
10.0 CRITICAL
EPSS
75.3%
top 1.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published Apr 18
Latest update Apr 23

Description

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details

2
GHSA
GHSA-fw8j-3h2g-fxpw: Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to e | 2022-05-13
CVEList
CVE-2011-1653: Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to e | 2011-04-15

💥 Exploits & PoCs

1
Exploit-DB
CA Total Defense Suite - reGenerateReports Stored procedure SQL Injection (Metasploit) | 2011-10-02

🔍 Detection Rules

1
Suricata
ET EXPLOIT CA Total Defense Suite SQLi Attempt Inbound (CVE-2011-1653) | 2025-04-23