SQL Injection Vulnerability in Oracle Diagnostics Module by Oracle
CVE-2006-1037

Currently unrated

Key Information:

Vendor: Oracle
Status: E-business Suite; Diagnostics
Vendor: CVE Published:; 7 March 2006

What is CVE-2006-1037?

The Oracle Diagnostics Module prior to version 2.2 is susceptible to an SQL injection flaw that allows remote attackers to execute arbitrary SQL commands. This vulnerability arises from insufficient input validation and can be exploited through various unspecified methods. Successful exploitation could lead to unauthorized access to sensitive data or manipulation of the database, posing significant risks to the integrity and availability of the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25259

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/16844

vdb-entryx_refsource_BID

http://www.integrigy.com/info/IntegrigySecurityAnalysis-O...

x_refsource_MISC

Timeline

Vulnerability published
Mar 7, 2006
Vulnerability Reserved
Mar 7, 2006