CVE-2004-1339

  • Last update: Apr 13, 2023

Description

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

Software From Fixed in
oracle / database_server 10.2.1-r2 10.2.1-r2.x
oracle / oracle9i 9.0 9.0.x
oracle / oracle9i 9.0.1 9.0.1.x
oracle / oracle9i 9.0.1.2 9.0.1.2.x
oracle / oracle9i 9.0.1.3 9.0.1.3.x
oracle / oracle9i 9.0.1.4 9.0.1.4.x
oracle / oracle9i 9.0.2 9.0.2.x
oracle / oracle9i 9.0.2.0.0 9.0.2.0.0.x
oracle / oracle9i 9.0.2.0.1 9.0.2.0.1.x
oracle / oracle9i 9.0.2.1 9.0.2.1.x
oracle / oracle9i 9.0.2.2 9.0.2.2.x
oracle / oracle9i 9.0.2.3 9.0.2.3.x
oracle / oracle9i 9.2.0.1 9.2.0.1.x
oracle / oracle9i 9.2.0.2 9.2.0.2.x

Details

    • Severity: Medium
  • CVE: CVE-2004-1339
  • Published: Dec 23, 2004
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v2

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs

OWASP TOP 10