SQL Injection Vulnerability in Oracle Application Express by Oracle
CVE-2007-3860

Currently unrated

Key Information:

Vendor

Oracle
Status
Apex
Vendor
CVE Published:
18 July 2007

What is CVE-2007-3860?

An unspecified SQL injection vulnerability exists in Oracle Application Express (formerly Oracle HTML DB) versions 2.2.0.00.32 through 3.0.0.00.20. This issue allows attackers to exploit the wwv_flow_security.check_db_password function due to inadequate validation checks for special characters like '"'. This could lead to unauthorized access or manipulation of data within the application environment. Organizations using these versions are advised to implement recommended security updates to mitigate the associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...
vendor-advisoryx_refsource_HP
http://secunia.com/advisories/26114
third-party-advisoryx_refsource_SECUNIA
http://securityreason.com/securityalert/2901
third-party-advisoryx_refsource_SREASON

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.