CVE-2006-1874 — SQL Injection in Oracle Database Server

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedApr 20

Latest updateMay 1

Description

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/database_server8.1.7.4, 9.0.1.5, 9.2.0.6+2

🔴Vulnerability Details

GHSA

GHSA-fpvj-7cwv-ggx5: Unspecified vulnerability in Oracle Database Server 8↗2022-05-01

▶

CVEList

CVE-2006-1874: Unspecified vulnerability in Oracle Database Server 8↗2006-04-20

▶