PT-2008-3343 · Oracle · Oracle Application Express

Published: 2008-04-16 · Updated: 2018-10-11 · CVE-2008-1811

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Application Express version 3.0.1

Description

The issue is related to insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, which allows certain non-DBA remote authenticated users to escalate privileges. It is exploitable through remote authenticated attack vectors.

Recommendations

For Oracle Application Express version 3.0.1, consider restricting access to flows_030000.wwv_execute_immediate until a patch is available, and ensure that authorization checks are properly implemented for SQL commands in the run_ddl function to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2008-1811

Affected products

Oracle Application Express