Web application abuses : Oracle Portal <= 11.1.1.6.0 SQLi Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.803772

Category: Web application abuses

Title: Oracle Portal <= 11.1.1.6.0 SQLi Vulnerability - Active Check

Summary: Oracle Portal is prone to an SQL injection (SQLi); vulnerability.

Description: Summary:
Oracle Portal is prone to an SQL injection (SQLi)
vulnerability.

Vulnerability Insight:
Input passed via the 'p_arg_values' parameter to
/pls/portal/PORTAL_DEMO.ORG_CHART.SHOW is not properly sanitized before being used in a sql
query.

Vulnerability Impact:
Successful exploitation will allow remote attackers to
manipulate SQL queries by injecting arbitrary SQL code.

Affected Software/OS:
Oracle Portal version 11.1.1.6.0 and prior.

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-3831
http://www.securitytracker.com/id/1029190

Copyright Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.803772
Category:	Web application abuses
Title:	Oracle Portal <= 11.1.1.6.0 SQLi Vulnerability - Active Check
Summary:	Oracle Portal is prone to an SQL injection (SQLi); vulnerability.
Description:	Summary: Oracle Portal is prone to an SQL injection (SQLi) vulnerability. Vulnerability Insight: Input passed via the 'p_arg_values' parameter to /pls/portal/PORTAL_DEMO.ORG_CHART.SHOW is not properly sanitized before being used in a sql query. Vulnerability Impact: Successful exploitation will allow remote attackers to manipulate SQL queries by injecting arbitrary SQL code. Affected Software/OS: Oracle Portal version 11.1.1.6.0 and prior. Solution: Apply the patch from the referenced advisory. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3831 http://www.securitytracker.com/id/1029190
Copyright	Copyright (C) 2013 Greenbone AG