Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle多个PL/SQL注入漏洞
Vulnerability Description
Oracle Database是一款商业性质大型数据库系统。 Oracle 10g PL/SQL过程执行存在多个注入问题,远程攻击者可以利用这个漏洞提升特权。 当PL/SQL过程执行时,使用definer权限,除非执行AUTHID CURRENT USER关键词,在这个过程里以调用者特权执行过程,如果过程存在PL/SQL注入,任何过程可以滥用definer权力提升权限。已知受影响过程为: Owner Procedure SYS DBMS_EXPORT_EXTENSION WKSYS WK_ACL.GET_
CVSS Information
N/A
Vulnerability Type
N/A