SQL Injection Vulnerability in Oracle Database Triggers by Oracle Corporation
CVE-2004-1339

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
23 December 2004

Summary

An SQL injection vulnerability exists within the MDSYS.SDO_GEOM_TRIG_INS1 and MDSYS.SDO_LRS_TRIG_INS default triggers in specific versions of the Oracle Database. This flaw permits remote attackers to execute arbitrary SQL commands by manipulating the parameters of new.table_name or new.column_name. This exploitation can lead to unauthorized access to data and the potential for further attacks on the database instance.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.