Description

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.

Remediation

References

CVE-2007-2111

Related Vulnerabilities

Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2935)

WordPress Plugin WP Statistics Cross-Site Scripting (12.6.5)

WordPress Plugin WooCommerce Cross-Site Request Forgery (2.2.2)

WordPress Plugin Scoutnet Kalender Cross-Site Scripting (1.1.0)

Severity

Medium

Classification

CVE-2007-2111 CWE-138

Tags

Missing Update Known Vulnerabilities