漏洞标题
N/A
漏洞描述信息
"Oracle数据库10g及更早版本中的数据泵元数据API中的SQL注入漏洞可能允许远程攻击者通过未知路径执行任意SQL命令。注意:由于Oracle建议缺少相关细节,因此正在创建一个单独的CVE,因为无法肯定地说这个问题已经被Oracle解决。这可能是由于类似于2006年1月CPU中的Oracle漏洞#DB06,如果是DB05,则将合并到CVE-2006-0260中。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Oracle Data Pump Metadata API SQL注入漏洞
漏洞描述信息
Oracle Database 10g,而且可能包括之前版本的Data Pump Metadata API中存在SQL注入漏洞。远程攻击者可以借助未知向量执行任意SQL命令。
CVSS信息
N/A
漏洞类别
SQL注入