CVE-2006-0586 (CNNVD-200602-099)
HIGH
有利用代码
中文标题:
Oracle SYS.KUPV$FT软件包SQL注入漏洞
英文标题:
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote atta...
CVSS分数:
7.5
发布时间:
2006-02-08 01:00:00
漏洞类型:
SQL注入
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v6
漏洞描述
中文描述:
Oracle Database是一款商业性质大型数据库系统。 Oracle SYS.KUPV$FT软件包的ATTACH_JOB、OPEN_JOB、HAS_PRIVS函数中存在3个SQL注入漏洞,成功利用这些漏洞的远程攻击者可以完全入侵受影响的数据库系统。
英文描述:
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.
CWE类型:
CWE-89
标签:
local
multiple
Joxean Koret
remote
bunker
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| oracle | application_server | 10.1.0.2 | - | - |
cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.0.3 | - | - |
cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.0.3.1 | - | - |
cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.0.4 | - | - |
cpe:2.3:a:oracle:application_server:10.1.0.4:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.2 | - | - |
cpe:2.3:a:oracle:application_server:10.1.2:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.2.0.1 | - | - |
cpe:2.3:a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.2.0.2 | - | - |
cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
|
| oracle | application_server | 10.1.2.1.0 | - | - |
cpe:2.3:a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*
|
| oracle | oracle10g | enterprise_10.1.0.2 | - | - |
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
|
| oracle | oracle10g | enterprise_10.1.0.3 | - | - |
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
|
| oracle | oracle10g | enterprise_10.1.0.3.1 | - | - |
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
|
| oracle | oracle10g | enterprise_10.1.0.4 | - | - |
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*
|
| oracle | oracle10g | personal_10.1.0.2 | - | - |
cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
|
| oracle | oracle10g | personal_10.1.0.3 | - | - |
cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
|
| oracle | oracle10g | personal_10.1.0.4 | - | - |
cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*
|
| oracle | oracle10g | personal_10.10.3.1 | - | - |
cpe:2.3:a:oracle:oracle10g:personal_10.10.3.1:*:*:*:*:*:*:*
|
| oracle | oracle10g | standard_10.1.0.2 | - | - |
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*
|
| oracle | oracle10g | standard_10.1.0.3 | - | - |
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*
|
| oracle | oracle10g | standard_10.1.0.3.1 | - | - |
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*
|
| oracle | oracle10g | standard_10.1.0.4 | - | - |
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*
|
| oracle | oracle10g | standard_10.1.0.4.2 | - | - |
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*
|
| oracle | oracle10g | standard_10.1.0.5 | - | - |
cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
22840
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
mailing-list
cve.org
访问
cve.org
22839
vdb-entry
cve.org
访问
cve.org
20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT
mailing-list
cve.org
访问
cve.org
16294
vdb-entry
cve.org
访问
cve.org
oracle-syskupv$ft-sql-injection(24195)
vdb-entry
cve.org
访问
cve.org
oracle-syskupv$ftint-sql-injection(24197)
vdb-entry
cve.org
访问
cve.org
20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT
mailing-list
cve.org
访问
cve.org
20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
mailing-list
cve.org
访问
cve.org
ExploitDB EDB-3179
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-3179
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2006-0586
ADVISORY
cve.org
访问
cve.org
ExploitDB EDB-3359
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-3359
EXPLOIT
exploitdb
访问
exploitdb
ExploitDB EDB-3376
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-3376
EXPLOIT
exploitdb
访问
exploitdb
CVSS评分详情
7.5
HIGH
CVSS向量:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS版本:
2.0
机密性
PARTIAL
完整性
PARTIAL
可用性
PARTIAL
时间信息
发布时间:
2006-02-08 01:00:00
修改时间:
2024-08-07 16:41:28
创建时间:
2025-11-11 15:32:31
更新时间:
2025-11-11 16:28:38
利用信息
此漏洞有可利用代码!
利用代码数量:
3
利用来源:
未知
未知
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-0586 |
2025-11-11 15:17:39 | 2025-11-11 07:32:31 |
| NVD | nvd_CVE-2006-0586 |
2025-11-11 14:51:47 | 2025-11-11 07:41:17 |
| CNNVD | cnnvd_CNNVD-200602-099 |
2025-11-11 15:08:49 | 2025-11-11 07:49:04 |
| EXPLOITDB | exploitdb_EDB-3179 |
2025-11-11 15:05:27 | 2025-11-11 08:26:31 |
| EXPLOITDB | exploitdb_EDB-3359 |
2025-11-11 15:05:28 | 2025-11-11 08:28:18 |
| EXPLOITDB | exploitdb_EDB-3376 |
2025-11-11 15:05:28 | 2025-11-11 08:28:38 |
版本与语言
当前版本:
v6
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
:
:
:
:
安全公告
暂无安全公告信息
变更历史
v6
EXPLOITDB
2025-11-11 16:28:38
references_count: 17 → 19
查看详细变更
- references_count: 17 -> 19
v5
EXPLOITDB
2025-11-11 16:28:18
references_count: 15 → 17; tags_count: 3 → 5
查看详细变更
- references_count: 15 -> 17
- tags_count: 3 -> 5
v4
EXPLOITDB
2025-11-11 16:26:31
references_count: 12 → 15; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 12 -> 15
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:49:04
vulnerability_type: 未提取 → SQL注入; cnnvd_id: 未提取 → CNNVD-200602-099; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> SQL注入
- cnnvd_id: 未提取 -> CNNVD-200602-099
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:17
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.5; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 22; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 22
- data_sources: ['cve'] -> ['cve', 'nvd']