CVE-2007-3860

Name of the Vulnerable Software and Affected Versions: Oracle Application Express versions 2.2.0.00.32 through 3.0.0.00.20

Description: The issue allows developers to have an unknown impact via unknown attack vectors. A researcher suggests this is due to SQL injection in the check db password function, caused by insufficient checks for backslash characters.

Recommendations: For Oracle Application Express versions 2.2.0.00.32 through 3.0.0.00.20, consider restricting access to the check db password function until a patch is available. As a temporary workaround, ensure proper input validation and sanitization to minimize the risk of SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.