CVE-2000-1236

Description

SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.

Affected products

• oracle / application_server3.0.7

References

• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-12/0339.html
• MISChttp://online.securityfocus.com/archive/1/155881
• MISChttp://www.iss.net/security_center/static/5817.php
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-12/0372.html
• MISChttp://www.securityfocus.com/bid/2150
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-12/0463.html