CVE-2012-3132

🗓️ 10 Aug 2012 23:00:00Reported by oracleType

SQL injection in Oracle Database Server 10g/11g versions allows remote users to execute arbitrary SQL commands via CREATE INDEX with CTXSYS.CONTEXT INDEXTYPE & DBMS_STATS.GATHER_TABLE_STATS

Reporter	Title	Published	Views	Family All 10
Cvelist	CVE-2012-3132	10 Aug 201223:00	–	cvelist
EUVD	EUVD-2012-3110	7 Oct 202500:30	–	euvd
NVD	CVE-2012-3132	10 Aug 201223:55	–	nvd
Oracle	Oracle Critical Patch Update - October 2012	16 Oct 201200:00	–	oracle
Oracle	Oracle Critical Patch Update - October 2012	16 Oct 201200:00	–	oracle
Tenable Nessus	Oracle Database Multiple Vulnerabilities (July 2012 CPU)	19 Jul 201200:00	–	nessus
Tenable Nessus	Oracle Database Multiple Vulnerabilities (October 2012 CPU)	23 Oct 201200:00	–	nessus
Prion	Sql injection	10 Aug 201223:55	–	prion
SUSE CVE	SUSE CVE-2012-3132	15 Feb 202305:46	–	susecve
ThreatPost	Oracle Warns Users About Privilege Escalation Bug in Database Server	13 Aug 201213:58	–	threatpost

NVD

Node

oracle database_serverMatch10.2.0.3

oracle database_serverMatch10.2.0.4

oracle database_serverMatch10.2.0.5

oracle database_serverMatch11.1.0.7

oracle database_serverMatch11.2.0.2

oracle database_serverMatch11.2.0.3

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
blogs	www.blogs.oracle.com/security/entry/security_alert_cve_2012_3132
networkworld	www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html
securitytracker	www.securitytracker.com/id
oracle	www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html
mandriva	www.mandriva.com/security/advisories
teamshatter	www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/
darkreading	www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html

29 Apr 2026 01:13Current

7.5High risk

Vulners AI Score7.5

CVSS 26.5

EPSS0.00793

CWE-89