CVE Vulnerabilities

CVE-2003-1193

Published: Nov 03, 2003 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Affected Software

Name Vendor Start Version End Version
Application_server_portal Oracle 3.0.9.8.5 (including) 3.0.9.8.5 (including)
Application_server_portal Oracle 9.0.2.3 (including) 9.0.2.3 (including)
Application_server_portal Oracle 9.0.2.3a (including) 9.0.2.3a (including)
Application_server_portal Oracle 9.0.2.3b (including) 9.0.2.3b (including)
Oracle9i Oracle 9.0.2 (including) 9.0.2 (including)
Oracle9i Oracle 9.0.2.0.0 (including) 9.0.2.0.0 (including)
Oracle9i Oracle 9.0.2.0.1 (including) 9.0.2.0.1 (including)
Oracle9i Oracle 9.0.2.1 (including) 9.0.2.1 (including)
Oracle9i Oracle 9.0.2.2 (including) 9.0.2.2 (including)
Oracle9i Oracle 9.0.2.3 (including) 9.0.2.3 (including)

References