CVE-2005-2983

Sažetak

SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html
http://marc.info/?l=bugtraq&m=112681849113948&w=2
http://www.red-database-security.com/wp/sql_injection_reports_us.pdf

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2016 - 03:31

Objavljeno

20-09-2005 - 00:03