CVE-2007-5508
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
Múltiples vulnerabilidades de inyección SQL en la aplicación CTXSYS Intermedia para el componente Oracle Text (CTX_DOC) en Oracle Database 10.1.0.5 y 10.2.0.3 permiten a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante los procedimientos (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP, también conocido como DB03.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-17 CVE Reserved
- 2007-10-17 CVE Published
- 2007-10-23 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/27409 | Third Party Advisory | |
| http://securityreason.com/securityalert/3242 | Third Party Advisory | |
| http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc | X_refsource_misc | |
| http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/482425/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26101 | Vdb Entry | |
| http://www.securitytracker.com/id?1018823 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-290A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/3524 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/3626 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4564 | 2007-10-23 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=119332677525918&w=2 | 2018-10-15 | |
| http://secunia.com/advisories/27251 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.1.0.5 Search vendor "Oracle" for product "Database Server" and version "10.1.0.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.2.0.3 Search vendor "Oracle" for product "Database Server" and version "10.2.0.3" | - |
Affected
| ||||||