Description
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2023-22025 Vulnerability (CVE-2023-22025)
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-45152)
WordPress Plugin Media from FTP Cross-Site Scripting (9.89)
WebLogic CVE-2017-3248 Vulnerability (CVE-2017-3248)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0364)