Oracle 10g DBMS_EXPORT_EXTENSION SQL Injection Vulnerability

Oracle 10g is prone to an SQL-injection vulnerability. An attacker could exploit this to gain DBA privileges.

This vulnerability was initially thought to have been fixed as part of the Oracle April 2006 Security Update (BID 17590), but this issue reportedly wasn't patched.

Further information indicates that this issue also affects the 'GET_DOMAIN_INDEX_TABLES' and "GET_V2_DOMAIN_INDEX_TABLES' functions.


Privacy Statement
Copyright 2010, SecurityFocus