CVE-2003-1193

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Published: Nov 3, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1193
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / oracle9i	9.0.2.2	9.0.2.2.x
oracle / oracle9i	9.0.2	9.0.2.x
oracle / application_server_portal	9.0.2.3b	9.0.2.3b.x
oracle / application_server_portal	3.0.9.8.5	3.0.9.8.5.x
oracle / application_server_portal	9.0.2.3	9.0.2.3.x
oracle / application_server_portal	9.0.2.3a	9.0.2.3a.x
oracle / oracle9i	9.0.2.0.0	9.0.2.0.0.x
oracle / oracle9i	9.0.2.1	9.0.2.1.x
oracle / oracle9i	9.0.2.3	9.0.2.3.x
oracle / oracle9i	9.0.2.0.1	9.0.2.0.1.x

http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
http://www.securityfocus.com/archive/1/343520
http://www.securityfocus.com/bid/8966
https://exchange.xforce.ibmcloud.com/vulnerabilities/13593

Vulnerability Database

289,697

CVE-2003-1193