CVE-2005-1197SQL Injection in Oracle Database Server

6 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Database ServerOracle Oracle10g
Timeline
PublishedMay 2
Latest updateMay 1

Description

SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDoracle/database_server4 versions+3
NVDoracle/oracle10g27 versions+26

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-cx2w-jvrm-6q8q: SQL injection vulnerability in the SYS2022-05-01
GHSA
GHSA-hchr-g8fg-g2r7: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil2022-05-01
CVEList
CVE-2005-4832: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil2007-03-03
CVEList
CVE-2005-1197: SQL injection vulnerability in the SYS2005-04-21
CVE-2005-1197 — SQL Injection in Oracle Database Server | cvebase