CVE-2006-5342SQL Injection in Oracle Database Server

3 documents3 sources
Severity
7.1HIGHNVD
EPSS
1.9%
top 16.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedOct 18
Latest updateMay 1

Description

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18 might be related to SQL injection in the EXTENT_OF function.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDoracle/database_server10.1.0.3, 9.0.1.5, 9.2.0.6+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-g226-x7qv-hrff: Unspecified vulnerability in Oracle Spatial component in Oracle Database 92022-05-01
CVEList
CVE-2006-5342: Unspecified vulnerability in Oracle Spatial component in Oracle Database 92006-10-18
CVE-2006-5342 — SQL Injection in Oracle Database Server | cvebase