CVE-2006-5333SQL Injection in Oracle Database Server

3 documents3 sources
Severity
7.1HIGHNVD
EPSS
1.9%
top 16.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedOct 18
Latest updateMay 1

Description

Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-5vmv-h84m-6jgq: Unspecified vulnerability in Oracle Spatial component in Oracle Database 102022-05-01
CVEList
CVE-2006-5333: Unspecified vulnerability in Oracle Spatial component in Oracle Database 102006-10-18
CVE-2006-5333 — SQL Injection in Oracle Database Server | cvebase