Lucene search

PRIOn knowledge basePRION:CVE-2006-0548

HistoryFeb 04, 2006 - 2:02 a.m.

Sql injection

2006-02-0402:02:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260.

CPENameOperatorVersion
database_servereq10.1.0.4.2 r1

CPE	Name	Operator	Version
	database_server	eq	10.1.0.4.2 r1

References

www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf

www.kb.cert.org/vuls/id/150332

www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

www.red-database-security.com/advisory/oracle_cpu_jan_2006.html

www.us-cert.gov/cas/techalerts/TA06-018A.html

exchange.xforce.ibmcloud.com/vulnerabilities/24321