Description
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
Remediation
References
Related Vulnerabilities
PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-25170)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1153)
WordPress Plugin AccessAlly Information Disclosure (3.5.6)
Grafana Improper Authentication Vulnerability (CVE-2022-32276)
Sqlite Use of Uninitialized Resource Vulnerability (CVE-2015-3414)