An SQL injection vulnerability in the Oracle DBMS_REPUTIL package may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation.
Oracle DBMS_REPUTIL package contains a SQL injection vulnerability.The details of this vulnerability are not clear. We believe that the DBMS_REPUTIL package is accessible by users with PUBLIC privileges.
Based on research into public information, we believe that this issue is Oracle vuln# DB01 in the Oracle CPU for April 2006 . However, there is not sufficient information to authoritatively relate Oracle vulnerability information to information provided by other parties.
A remote attacker may be able to execute SQL queries on a server, possibly with elevated privileges. As a result, attackers may be able to view or modify the contents of an Oracle database.
This vulnerability was reported in the Oracle Critical Patch Update for April 2006 . Information in this document came from Oracle and Alexander Kornbrust of Red-Database Security
|Date First Published:||2006-04-20|
|Date Last Updated:||2006-04-20 11:25 UTC|