Vulnerabilities > CVE-2010-0870 - Unspecified vulnerability in Oracle Database Server 9.2.0.8/9.2.0.8Dv

047910
CVSS 3.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
oracle
metasploit

Summary

Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Metasploit

descriptionThe module exploits an sql injection flaw in the DROP_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.
idMSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_PUBLISH2
last seen2020-06-14
modified1976-01-01
published1976-01-01
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb
titleOracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE