Unrated severityNVD Advisory· Published Oct 17, 2007· Updated Apr 23, 2026

CVE-2007-5508

Description

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.

Affected products

Oracle Corporation/Database Server2 versions
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27251nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA07-290A.htmlnvdUS Government Resource
marc.infonvd
secunia.com/advisories/27409nvd
securityreason.com/securityalert/3242nvd
www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/nvd
www.oracle.com/technetwork/topics/security/cpuoct2007-092913.htmlnvd
www.securityfocus.com/archive/1/482425/100/0/threadednvd
www.securityfocus.com/bid/26101nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/3524nvd
www.vupen.com/english/advisories/2007/3626nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000