SQL Injection Vulnerability in Oracle APEX/HTMLDB WWV_FLOW_UTILITIES
CVE-2006-7138

Currently unrated

Key Information:

Vendor

Oracle
Status
Apex
Vendor
CVE Published:
7 March 2007

What is CVE-2006-7138?

An SQL injection vulnerability exists in the wwv_flow_utilities.gen_popup_list function of the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB. This vulnerability allows authenticated remote users to manipulate the P_LOV parameter, thereby executing arbitrary SQL commands by providing an appropriate MD5 checksum for the P_LOV_CHECKSUM parameter. As a result, attackers may exploit this flaw to gain unauthorized access to sensitive data or execute harmful commands within the database environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.red-database-security.com/advisory/oracle_cpu_...
x_refsource_MISC
http://www.red-database-security.com/advisory/oracle_apex...
x_refsource_MISC
http://lists.grok.org.uk/pipermail/full-disclosure/2006-O...
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.