Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

Subscribe me to your mailing list

[ERPSCAN-09-010] Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection

Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
Vendor response: 31.01.2008
CVE: CVE-2009-1991
SVSS2: 3.6
Date of Public Advisory: 26.10.2009
Solution: YES (Non official)
Author: Alexandr Polyakov

Description
Oracle Database 10G and 9g are vulnerable to PL/SQL Injection. PL/SQL Injection found in the following procedure ctxsys.drvxtabc.create_tables

Business Risk
Legal database user can escalate privileges and gain unauthorized access to business-critical data.