Key Information Summary Vulnerability Overview Vulnerability Type: SQL Injection (Remote Blind SQL Injection) Affected Product: SonicWall ViewPoint 6.0 SP2 Severity: Critical Disclosure Timeline Discovery Date: 2011-06-16 Vendor Notification: 2011-06-21 Vendor Fix: 2011-10-01 Public Release: 2011-10-02 Vulnerability Details Description: The SonicWall ViewPoint v6.x application contains a remote SQL injection vulnerability. Attackers can inject and execute their own SQL statements during the pre-authentication phase, leading to unauthorized database access. Affected Modules: - Schedule Reports (pre-authentication access) Example URL Technical Details SQL Query Examples: Vulnerability Fix Solution: Vendor has released a hotfix, available for download from the official website. Additional Information Risk Assessment: Due to the pre-authentication remote attack vector, this SQL injection vulnerability is assessed as critical in severity. PoC Code: JavaScript code example provided, demonstrating how an attacker could exploit this vulnerability.