Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4832

7 documents, 4 sources

Severity: 7.5 HIGH
EPSS: 71.1% (top 1.29%)
CISA KEV: Not in KEV
Exploit: PoC available
Affected products
Timeline
Published: Dec 31
Latest update: May 1

Description

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: oracle/oracle10g, 27 versions (+26)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-hchr-g8fg-g2r7: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil (2022-05-01)
CVEList
CVE-2005-4832: SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil (2007-03-03)

💥 Exploits & PoCs (4)

Exploit-DB
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2) (2007-02-26)
Exploit-DB
Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2) (2007-02-26)
Exploit-DB
Oracle 9i/10g - ACTIVATE_SUBSCRIPTION SQL Injection (2007-02-23)
Exploit-DB
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1) (2007-02-23)