2 matches found
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
CVE-2015-4846
CVE-2015-4846 affects Oracle E-Business Suite (notably 12.1.3/12.1.4) via the Applications Manager SQL Extensions. The root cause is an unfiltered input in SQL extensions (afamexts.sql), enabling SQL injection by an authenticated remote attacker to view/modify data. Exploitation is described in E...