4.6

CVE-2006-2081

Exploit

EPSS 58.4%
Veröffentlicht 27.04.2006 23:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Database Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	58.4%	0.98

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/19860

http://securityreason.com/securityalert/802

http://securitytracker.com/id?1015999

http://www.kb.cert.org/vuls/id/932124

US Government Resource

http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html

Exploit

http://www.securityfocus.com/archive/1/431353/100/0/threaded

http://www.securityfocus.com/archive/1/432078/100/0/threaded

http://www.securityfocus.com/archive/1/432354/100/0/threaded

http://www.securityfocus.com/archive/1/432355/100/0/threaded

http://www.securityfocus.com/archive/1/432632/30/5250/threaded

http://www.securityfocus.com/bid/17699

https://exchange.xforce.ibmcloud.com/vulnerabilities/26048

https://nvd.nist.gov/vuln/detail/CVE-2006-2081

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2081

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2081

EUVD