SQL Injection Vulnerabilities in Oracle Database 10g Release 1
CVE-2006-0586

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 8 February 2006

Summary

Multiple SQL injection vulnerabilities exist in Oracle Database 10g Release 1 prior to January 2006. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through various parameters in functions of the SYS.KUPV$FT and SYS.KUPV$FT_INT packages. Due to insufficient details from Oracle's advisories, it is uncertain if and how these issues have been resolved, highlighting the importance of vigilance in database security.

References

http://www.red-database-security.com/advisory/oracle_sql_...

x_refsource_MISC

http://www.red-database-security.com/advisory/oracle_cpu_...

x_refsource_MISC

http://www.osvdb.org/22840

vdb-entryx_refsource_OSVDB

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 8, 2006
Vulnerability Reserved
Feb 8, 2006