Description

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.

Remediation

References

CVE-2007-2111

Related Vulnerabilities

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3)

Apache Tomcat Other Vulnerability (CVE-2008-0002)

WordPress Plugin WP Simple Booking Calendar SQL Injection (2.0.6)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050)

PHP Address Book Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2903)

Severity

Medium

Classification

CVE-2007-2111 CWE-138

Tags

Missing Update Known Vulnerabilities