Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability

Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability

Oracle Database Server is prone to SQL injection in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET standard procedure. This may permit an attacker who can influence the invocation parameters of the stored procedure to compromise the database.

This issue was originally disclosed in the "Oracle Critical Patch Update - April 2005" advisory. BID 13139 Oracle Multiple Vulnerabilities describes the issues covered in the Oracle advisory. There is insufficient information at this point in time to associate this vulnerability with an identifier from the Oracle
advisory.