Description

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.

Remediation

References

CVE-2007-2111

Related Vulnerabilities

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Scripting (2.4.13)

WordPress Plugin MiniCart SQL Injection (1.00.1)

MySQL CVE-2022-21332 Vulnerability (CVE-2022-21332)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)

WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)

Severity

Medium

Classification

CVE-2007-2111 CWE-138

Tags

Missing Update Known Vulnerabilities