cbcvebase.
CVE-2005-2372
published 2005-07-26

CVE-2005-2372: Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to…

PriorityP431high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
2.86%
85.0th percentile
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.

Affected

7 ranges
VendorProductVersion rangeFixed in
oracleforms
oracleforms
oracleforms
oracleforms
oracleforms
oracleforms
oracleforms
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.