Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle Database 组件Oracle Spatial 未明访问控制安全漏洞
Vulnerability Description
Oracle Database是一款商业性质大型数据库系统。 Oracle Database(10.1.0.5,10.2.0.2) 组件Oracle Spatial 存在未明访问控制安全漏洞。远程认证用户可以通过未明向量影响系统的机密性、完整性和可用性。 注意:Oracle声明在执行MDSYS.SDO_TOPO_DROP_FTBL触发时没有正确地过滤某些输入,远程认证用户可以执行SQL注入攻击。成功攻击要求拥有CREATE SESSION权限。
CVSS Information
N/A
Vulnerability Type
N/A