CVE-2006-5341

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.2.0.8 through 10.2.0.2

Description The issue concerns multiple unspecified vulnerabilities in the XMLDB component of Oracle Database, allowing remote authenticated attacks. These vulnerabilities are related to SQL injection in specific functions, including PITRIG DROP and PITRIG DROPMETADATA in XDB PITRIG PKG, and DISABLE HIERARCHY INTERNAL in DBMS XDBZ. This can enable remote attackers to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data.

Recommendations For Oracle Database versions 9.2.0.8 through 10.2.0.2, consider disabling the XDB PITRIG PKG and DBMS XDBZ packages as a temporary workaround to minimize the risk of exploitation. Restrict access to sensitive data and limit the execution of arbitrary SQL commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.