What is CVE-2005-4832?

CVE-2005-4832 is a vulnerability in N/a. Published 2007-03-03.

Is CVE-2005-4832 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2005-4832

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DB…

EPSS: 0.662 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages (mailing-list, x_refsource_BUGTRAQ)
www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql (x_refsource_MISC)
www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt (x_refsource_MISC)
www.appsecinc.com/resources/alerts/oracle/2005-02.html (x_refsource_MISC)
20050711 Re: Problems with the Oracle Critical Patch Update for April 2005 (mailing-list, x_refsource_BUGTRAQ)
www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf (x_refsource_CONFIRM)
13236 (vdb-entry, x_refsource_BID)
oracle-subscriptionname-sql-injection(20159) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2005-4832?: CVE-2005-4832 is a vulnerability in N/a. Published 2007-03-03.
Is CVE-2005-4832 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.