Description
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
Remediation
References