VYPR
Unrated severityNVD Advisory· Published Aug 10, 2012· Updated Jun 16, 2026

CVE-2012-3132

CVE-2012-3132

Description

SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.

Affected products

7
  • cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
    • (no CPE)range: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.