CVE-2003-1193 | Vulnerability Database | Aqua Security

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Affected Software

Name	Vendor	Start Version	End Version
Application_server_portal	Oracle	3.0.9.8.5 (including)	3.0.9.8.5 (including)
Application_server_portal	Oracle	9.0.2.3 (including)	9.0.2.3 (including)
Application_server_portal	Oracle	9.0.2.3a (including)	9.0.2.3a (including)
Application_server_portal	Oracle	9.0.2.3b (including)	9.0.2.3b (including)
Oracle9i	Oracle	9.0.2 (including)	9.0.2 (including)
Oracle9i	Oracle	9.0.2.0.0 (including)	9.0.2.0.0 (including)
Oracle9i	Oracle	9.0.2.0.1 (including)	9.0.2.0.1 (including)
Oracle9i	Oracle	9.0.2.1 (including)	9.0.2.1 (including)
Oracle9i	Oracle	9.0.2.2 (including)	9.0.2.2 (including)
Oracle9i	Oracle	9.0.2.3 (including)	9.0.2.3 (including)

References

http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
http://www.securityfocus.com/archive/1/343520
http://www.securityfocus.com/bid/8966
https://exchange.xforce.ibmcloud.com/vulnerabilities/13593

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-1193
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html