SQL Injection Vulnerability in Oracle Database Triggers by Oracle Corporation
CVE-2004-1339
Currently unrated
Summary
An SQL injection vulnerability exists within the MDSYS.SDO_GEOM_TRIG_INS1 and MDSYS.SDO_LRS_TRIG_INS default triggers in specific versions of the Oracle Database. This flaw permits remote attackers to execute arbitrary SQL commands by manipulating the parameters of new.table_name or new.column_name. This exploitation can lead to unauthorized access to data and the potential for further attacks on the database instance.
References
Timeline
Vulnerability Reserved
Vulnerability published