Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle CTX_DOC软件包多个SQL注入漏洞
Vulnerability Description
Oracle Database是一款商业性质大型数据库系统。 Oracle 10g中的Intermedia应用的多个过程实现上存在SQL注入漏洞,远程攻击者可能利用此漏洞非授权访问数据库。 Oracle 10g中的Intermedia应用包含有名为CTX_DOC的软件包,该软件包中的THEMES、GIST、TOKENS、FILTER、HIGHLIGHT和MARKUP过程没有正确地验证SQL查询中的用户输入,允许数据库用户执行SQL注入攻击。如果通过Oracle应用服务器攻击的话则无须用户ID和口令就可以利
CVSS Information
N/A
Vulnerability Type
N/A