Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-3132 - Vulnerability Database
Oracle Database Server

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-3132

Medium
Reference: CVE-2012-3132
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-3132
Title: Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection vulnerability in Oracle Database Server 10.2.0.3 10.2.0.4 10.2.0.5 11.1.0.7 11.2.0.2 and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.