CVE-2003-1193

Severity

75%

Complexity

99%

Confidentiality

106%

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle Oracle9i Application Server Portal

First reported 21 years ago

2003-11-03 05:00:00

Last updated 7 years ago

2017-07-11 01:29:00

Affected Software

Oracle Oracle9i Application Server Portal 3.0.9.8.5

3.0.9.8.5

Oracle Oracle9i Application Server Portal 9.0.2.3

9.0.2.3

Oracle Oracle9i Application Server Portal 9.0.2.3A

9.0.2.3a

Oracle Oracle9i Application Server Portal 9.0.2.3B

9.0.2.3b

References

http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf

Patch

20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)

Patch, Vendor Advisory

8966

Vendor Advisory

oracle-portal-sql-injection(13593)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.