Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2403

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 27.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Network Automation
Timeline
PublishedAug 1
Latest updateMay 17

Description

SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDhp/network_automation5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-j3h7-pmwf-rp9w: SQL injection vulnerability in HP Network Automation 72022-05-17
CVEList
CVE-2011-2403: SQL injection vulnerability in HP Network Automation 72011-08-01

💥Exploits & PoCs

1
Exploit-DB
HP Network Automation 9.10 - SQL Injection2011-07-28
CVE-2011-2403 (MEDIUM CVSS 6.5) | SQL injection vulnerability in HP N | cvebase.io