SQL Injection Vulnerability in Oracle Application Express by Oracle
CVE-2007-3860

Currently unrated

Key Information:

Vendor: Oracle

CVE Published: 18 July 2007

What is CVE-2007-3860?

An unspecified SQL injection vulnerability exists in Oracle Application Express (formerly Oracle HTML DB) versions 2.2.0.00.32 through 3.0.0.00.20. The wwv_flow_security.check_db_password function does not adequately validate special characters such as '"', and attackers can exploit this. This could lead to unauthorized access to, or manipulation of, data within the application environment. Organizations using these versions are advised to implement recommended security updates to mitigate the associated risks.
