SQL Injection Vulnerability in Oracle Database Upgrade & Downgrade Component
CVE-2006-0271
Currently unrated
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 18 January 2006
Summary
An unspecified SQL injection vulnerability exists in the Oracle Database Upgrade & Downgrade component affecting various versions. This issue may allow an attacker to inject malicious SQL code via certain parameters in the DBMS_REGISTRY package, impacting function calls such as IS_COMPONENT, GET_COMP_OPTION, and VALIDATE_COMPONENTS. Although details from Oracle are limited, independent research suggests serious implications for database integrity and security.
References
Timeline
Vulnerability published
Vulnerability Reserved