Oracle Enterprise Manager CVE-2012-0512 SQL Injection Vulnerability
BID:53092
Info
Oracle Enterprise Manager CVE-2012-0512 SQL Injection Vulnerability
| Bugtraq ID: | 53092 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0512 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2012 12:00AM |
| Updated: | Apr 19 2012 10:50PM |
| Credit: | Esteban Martinez Fayo of Application Security |
| Vulnerable: |
Oracle Oracle11g Standard Edition 11.2.0.2.0 Oracle Oracle11g Standard Edition 11.1.0.7 R1 Oracle Oracle11g Enterprise Edition 11.2 2 Oracle Oracle11g Enterprise Edition 11.1.0.7 R1 Oracle Enterprise Manager Grid Control 10g 10.2 .1 Oracle Enterprise Manager Database Control 11i 11.1.0.7 Oracle Enterprise Manager Database Control 11i 11.1.0.6 |
| Not Vulnerable: | |
Discussion
Oracle Enterprise Manager CVE-2012-0512 SQL Injection Vulnerability
Oracle Enterprise Manager is prone to an SQL-injection vulnerability.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Oracle Enterprise Manager is prone to an SQL-injection vulnerability.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
Oracle Enterprise Manager CVE-2012-0512 SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.