CVE-2006-7138 - Vulnerability Details - OpenCVE

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00675.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Apex

Configuration 1 [-]

cpe:2.3:a:oracle:apex:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-7120	SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html
http://securityreason.com/securityalert/2346
http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
http://www.securityfocus.com/archive/1/449498/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/30106

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-07T20:00:00

Updated: 2024-08-07T20:50:06.287Z

Reserved: 2007-03-07T00:00:00

Link: CVE-2006-7138

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-07T20:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-7138

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"}, {"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"}, {"name": "oracle-wwvflow-sql-injection(30106)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"}, {"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/449498/100/0/threaded"}, {"name": "2346", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2346"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7138", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "refsource": "MISC", "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"}, {"name": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html", "refsource": "MISC", "url": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"}, {"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"}, {"name": "oracle-wwvflow-sql-injection(30106)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"}, {"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449498/100/0/threaded"}, {"name": "2346", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2346"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:06.287Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"}, {"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"}, {"name": "oracle-wwvflow-sql-injection(30106)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"}, {"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449498/100/0/threaded"}, {"name": "2346", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2346"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7138", "datePublished": "2007-03-07T20:00:00", "dateReserved": "2007-03-07T00:00:00", "dateUpdated": "2024-08-07T20:50:06.287Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:apex:*:*:*:*:*:*:*:*", "matchCriteriaId": "C78BE407-5A8B-43A9-8DF5-052D645BEA32", "versionEndIncluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en wwv_flow_utilities.gen_popup_list en WWV_FLOW_UTILITIES paquete para Oracle APEX/HTMLDB versiones anteriores a 2.2 permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n modificando el par\u00e1metro P_LOV y calculando un resumen MD5 que case con el par\u00e1metro P_LOV_CHECKSUM.\r\nNOTA: Es probable que esta vulnerabilidad est\u00e9 incluida en CVE-2006-5351, pero debido a la falta de detalles de Oracle, no se puede probar."}], "evaluatorSolution": "This vulnerability is addressed in the following product patch:\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html \r\n", "id": "CVE-2006-7138", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-07T20:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2346"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449498/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2346"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449498/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}