Application: Oracle Database 10G **Versions Affected:**Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL:<http://oracle.com> **Bugs:**PL/SQL Injections **Exploits:**YES **Reported:**29.01.2008 **Vendor response:**31.01.2008 **CVE:**CVE-2009-1991 **SVSS2:**3.6 **Date of Public Advisory:**26.10.2009 **Solution:**YES (Non official) Author: Alexandr Polyakov
Description
Oracle Database 10G and 9g are vulnerable to PL/SQL Injection. PL/SQL Injection found in the following procedure ctxsys.drvxtabc.create_tables
Business Risk
Legal database user can escalate privileges and gain unauthorized access to business-critical data.