CVE-2005-4832

Published: Dec 31, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.

Affected (27)

Products: Oracle: Oracle10g

Oracle

1 product

Oracle10g

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Oracle Oracle10g	Version enterprise_10.1.0.2
Oracle Oracle10g	Version enterprise_10.1.0.3.1
Oracle Oracle10g	Version enterprise_10.1.0.3
Oracle Oracle10g	Version enterprise_10.1.0.4
Oracle Oracle10g	Version enterprise_10.2.3
Oracle Oracle10g	Version enterprise_9.0.4.0
Oracle Oracle10g	Version enterprise_9.0.4_.0
Oracle Oracle10g	Version personal_10.1.0.2
Oracle Oracle10g	Version personal_10.1.0.3.1
Oracle Oracle10g	Version personal_10.1.0.3
Oracle Oracle10g	Version personal_10.1.0.4
Oracle Oracle10g	Version personal_10.10.3.1
Oracle Oracle10g	Version personal_10.1_.0.2
Oracle Oracle10g	Version personal_10.2.3
Oracle Oracle10g	Version personal_9.0.4.0
Oracle Oracle10g	Version personal_9.0.4_.0
Oracle Oracle10g	Version standard_10.1.0.2
Oracle Oracle10g	Version standard_10.1.0.3.1
Oracle Oracle10g	Version standard_10.1.0.3
Oracle Oracle10g	Version standard_10.1.0.4.2
Oracle Oracle10g	Version standard_10.1.0.4
Oracle Oracle10g	Version standard_10.1.0.5
Oracle Oracle10g	Version standard_10.1_.0.2
Oracle Oracle10g	Version standard_10.2.0.1
Oracle Oracle10g	Version standard_10.2.3
Oracle Oracle10g	Version standard_9.0.4.0
Oracle Oracle10g	Version standard_9.0.4_.0