CVE-2003-1193

4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 37.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Portal Oracle Oracle9i

Timeline

PublishedNov 3

Latest updateApr 29

Description

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDoracle/oracle9i6 versions+5

▶NVDoracle/application4 versions+3

Patches

Patch: otn.oracle.com ↗Patch: www.securityfocus.com ↗Patch: otn.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-xpvx-3v6q-5qx2: Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle↗2022-04-29

▶

CVEList

CVE-2003-1193: Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection↗2006-06-13

▶