SQL Injection Vulnerabilities in Oracle Database 10g Release 1
CVE-2006-0586
Currently unrated
Summary
Multiple SQL injection vulnerabilities exist in Oracle Database 10g Release 1 prior to January 2006. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through various parameters in functions of the SYS.KUPV$FT and SYS.KUPV$FT_INT packages. Due to insufficient details from Oracle's advisories, it is uncertain if and how these issues have been resolved, highlighting the importance of vigilance in database security.
References
EPSS Score
30% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved