SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Forms | Oracle | 3.0 (including) | 3.0 (including) |
| Forms | Oracle | 4.5 (including) | 4.5 (including) |
| Forms | Oracle | 5.0 (including) | 5.0 (including) |
| Forms | Oracle | 6.0 (including) | 6.0 (including) |
| Forms | Oracle | 6i (including) | 6i (including) |
| Forms | Oracle | 9i (including) | 9i (including) |
| Forms | Oracle | 10g (including) | 10g (including) |
References
- http://www.red-database-security.com/wp/sql_injection_forms_us.pdf
- http://www.securiteam.com/securitynews/5HP0I0UFFI.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20080
- http://www.red-database-security.com/wp/sql_injection_forms_us.pdf
- http://www.securiteam.com/securitynews/5HP0I0UFFI.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20080