SQL Injection Vulnerability in Oracle Database Upgrade & Downgrade Component
CVE-2006-0271

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
18 January 2006

Summary

An unspecified SQL injection vulnerability exists in the Oracle Database Upgrade & Downgrade component affecting various versions. This issue may allow an attacker to inject malicious SQL code via certain parameters in the DBMS_REGISTRY package, impacting function calls such as IS_COMPONENT, GET_COMP_OPTION, and VALIDATE_COMPONENTS. Although details from Oracle are limited, independent research suggests serious implications for database integrity and security.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.