CVE-2005-2983SQL Injection in Oracle Reports

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 22.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Reports
Timeline
PublishedSep 20
Latest updateMay 1

Description

SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDoracle/reports1.00

🔴Vulnerability Details

2
GHSA
GHSA-g845-m523-3rph: SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in2022-05-01
CVEList
CVE-2005-2983: SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in2005-09-19
CVE-2005-2983 — SQL Injection in Oracle Reports | cvebase