Description

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.

Remediation

References

CVE-2007-2111

Related Vulnerabilities

Apache Traffic Server Integer Overflow or Wraparound Vulnerability (CVE-2018-9481)

WordPress Plugin WP RSS By Publishers Multiple SQL Injection Vulnerabilities (0.1)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11619)

Moodle Improper Authentication Vulnerability (CVE-2022-0985)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2019-9637)

Severity

Medium

Classification

CVE-2007-2111 CWE-138

Tags

Missing Update Known Vulnerabilities