Lucene search

[email protected]CVE-2006-7138

HistoryMar 07, 2007 - 8:19 p.m.

CVE-2006-7138

2007-03-0720:19:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2006-7138

sql injection

oracle apex

htmldb

vulnerability

security

nvd

cve-2006-5351

7.5 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.4%

JSON

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.

CPENameOperatorVersion
oracle:apexoracle apexle2.1

CPE	Name	Operator	Version
oracle:apex	oracle apex	le	2.1

References

lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html

securityreason.com/securityalert/2346

www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html

www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

www.securityfocus.com/archive/1/449498/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/30106

7.5 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.4%

JSON

Related for CVE-2006-7138

cve3 nessus1