CVE-2005-1178

Severity Score

7.5

*CVSS v2

*EPSS

*CPE

*Multiple Sources

*KEV

*SSVC

SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/20080	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.red-database-security.com/wp/sql_injection_forms_us.pdf	2017-07-11
http://www.securiteam.com/securitynews/5HP0I0UFFI.html	2017-07-11

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				3.0 Search vendor "Oracle" for product "Forms" and version "3.0"		-		Affected
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				4.5 Search vendor "Oracle" for product "Forms" and version "4.5"		-		Affected
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				5.0 Search vendor "Oracle" for product "Forms" and version "5.0"		-		Affected
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				6.0 Search vendor "Oracle" for product "Forms" and version "6.0"		-		Affected
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				6i Search vendor "Oracle" for product "Forms" and version "6i"		-		Affected
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				9i Search vendor "Oracle" for product "Forms" and version "9i"		-		Affected
Oracle Search vendor "Oracle"		Forms Search vendor "Oracle" for product "Forms"				10g Search vendor "Oracle" for product "Forms" and version "10g"		-		Affected