CVE-2006-3705 — SQL Injection in Oracle Database Server

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

3.9%

top 11.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedJul 21

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server10.1.0.5

Patches

Patch: www.red-database-security.com ↗Patch: www.securityfocus.com ↗Patch: www.red-database-security.com ↗

🔴Vulnerability Details

GHSA

GHSA-2mgx-x7qr-pm5v: Multiple unspecified vulnerabilities in Oracle Database 10↗2022-05-01

▶

CVEList

CVE-2006-3705: Multiple unspecified vulnerabilities in Oracle Database 10↗2006-07-19

▶