SQL Injection Vulnerability in Oracle Database Upgrade & Downgrade Component
CVE-2006-0271

Currently unrated

Key Information:

Vendor
Oracle
Status
Oracle8i
Database Server
Oracle10g
Oracle9i
Vendor
CVE Published:
18 January 2006

Summary

An unspecified SQL injection vulnerability exists in the Oracle Database Upgrade & Downgrade component affecting various versions. This issue may allow an attacker to inject malicious SQL code via certain parameters in the DBMS_REGISTRY package, impacting function calls such as IS_COMPONENT, GET_COMP_OPTION, and VALIDATE_COMPONENTS. Although details from Oracle are limited, independent research suggests serious implications for database integrity and security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
vdb-entryx_refsource_XF
http://www.red-database-security.com/advisory/oracle_cpu_...
x_refsource_MISC
http://secunia.com/advisories/18493
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.