QwikSec

Security Database

CVE

CWE

Training

CVE-2006-0548

Published: Feb 4, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf

x_refsource_MISC

oracle-january2006-update(24321)

vdb-entry

x_refsource_XF

http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_CERT

http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.