CVE-2002-1631 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2002-1631

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.

Affected Software

Name	Vendor	Start Version	End Version
Application_server	Oracle	1.0.2 (including)	1.0.2 (including)
Application_server	Oracle	1.0.2.1s (including)	1.0.2.1s (including)
Application_server	Oracle	1.0.2.2 (including)	1.0.2.2 (including)
Application_server	Oracle	9.0.2.0.0 (including)	9.0.2.0.0 (including)
Application_server	Oracle	9.0.2.0.1 (including)	9.0.2.0.1 (including)

References

http://www.kb.cert.org/vuls/id/717827
http://www.kb.cert.org/vuls/id/SVIM-576QLZ
http://www.nextgenss.com/papers/hpoas.pdf
http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf
http://www.securityfocus.com/bid/6556