CVE-2006-0269

CWE-89 — SQL Injection3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.7%

top 28.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Oracle10g

Timeline

PublishedJan 18

Latest updateMay 1

Description

Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDoracle/oracle10gstandard_10.1.0.5, standard_10.2.0.1+1

🔴Vulnerability Details

GHSA

GHSA-x8jx-vxj3-mgpv: Unspecified vulnerability in the Streams Capture component of Oracle Database server 10↗2022-05-01

▶

CVEList

CVE-2006-0269: Unspecified vulnerability in the Streams Capture component of Oracle Database server 10↗2006-01-18

▶