CVE-2006-0551: SQL Injection in Oracle Database Server

3 documents, 3 sources
Severity: 7.5 HIGH (NVD); CNA: 10.0
EPSS: 1.5% (top 18.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 4
Latest update: May 1

Description

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed b

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: oracle/database_server, 4 versions (+3)

Patches

Vulnerability Details (2)

GHSA (2022-05-01): GHSA-63c4-h6jq-3fj3: SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrar
CVEList (2006-02-04): CVE-2006-0551: SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrar
CVE-2006-0551 — SQL Injection in Oracle Database Server | cvebase