Description
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
Remediation
References
Related Vulnerabilities
WordPress Plugin QR Redirector Cross-Site Scripting (1.6)
WordPress User-Agent SQL Injection Vulnerability (1.5.2)
Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1024)
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)