SQL Injection Vulnerabilities in Oracle9i Application Server by Oracle
CVE-2003-1193

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server Portal
Vendor: CVE Published:; 3 November 2003

What is CVE-2003-1193?

The Oracle9i Application Server contains multiple SQL injection vulnerabilities that can be exploited via the List of Values (LOVs), Forms, Hierarchy, and XML components. Attackers may leverage these vulnerabilities to execute arbitrary SQL commands through specially crafted URLs, potentially compromising the database and exposing sensitive information.

References

http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/343520

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/13593

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Nov 3, 2003