CVE-2006-5336
🟠 Łataj w tym tygodniu
Wstrzyknięcie SQL w Oracle Database umożliwia zdalne wykonanie kodu przez uwierzytelnionego użytkownika.
CVSS
9.0
EPSS
3.9%
Exploit
none
Vendor
oracle
Opis źródłowy (NVD)
Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure.
sql-injection
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 3.9% |
| Opublikowano (NVD) | 2006-10-18 01:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- http://secunia.com/advisories/22396 (cve@mitre.org) [Vendor Advisory]
- http://securitytracker.com/id?1017077 (cve@mitre.org)
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf (cve@mitre.org)
- http://www.kb.cert.org/vuls/id/446100 (cve@mitre.org) [US Government Resource]
- http://www.kb.cert.org/vuls/id/716964 (cve@mitre.org) [US Government Resource]
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html (cve@mitre.org)
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html (cve@mitre.org)
- http://www.securityfocus.com/archive/1/449110/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/archive/1/449711/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/20588 (cve@mitre.org) [Patch]
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html (cve@mitre.org) [US Government Resource]
- http://www.vupen.com/english/advisories/2006/4065 (cve@mitre.org) [Vendor Advisory]