Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5508SQL Injection in Oracle Database Server

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
2.2%
top 15.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Database Server
Timeline
PublishedOct 17
Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDoracle/database_server10.1.0.5, 10.2.0.3+1

🔴Vulnerability Details

2
GHSA
GHSA-7xmh-48w2-qq3p: Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 102022-05-01
CVEList
CVE-2007-5508: Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 102007-10-17

💥Exploits & PoCs

1
Exploit-DB
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection2007-10-23
CVE-2007-5508 — SQL Injection in Oracle Database Server | cvebase