Description

SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues.

Remediation

References

CVE-2007-2113

Related Vulnerabilities

Drupal Incorrect Authorization Vulnerability (CVE-2020-13676)

Moodle Other Vulnerability (CVE-2006-0147)

Apache HTTP Server Other Vulnerability (CVE-2004-1387)

Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)

Atlassian Jira Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-26086)

Severity

High

Classification

CVE-2007-2113 CWE-138

Tags

Missing Update Known Vulnerabilities