Services
Information
Company |
SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL
Details The package DBMS_SQLTUNE_INTERNAL contains SQL injection vulnerabilities. in I_SET_TUNING_PARAMETER and SELECT_SQLSET. Oracle fixed this by using bind variables in their dynamic SQL statements. Patch Information Apply the patches for Oracle CPU October 2006. History 1-nov-2005 Oracle secalert was informed 18-oct-2006 Oracle published CPU October 2006 [DB10] 18-oct-2006 Advisory published 23-oct-2006 CVE added © 2006 by Red-Database-Security GmbH - last update 24-oct-2006 |