Description
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2013-3789 Vulnerability (CVE-2013-3789)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2020-9481)
CubeCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3904)