Home / vulnerabilities Oracle Database Spatial SQL Injection
Posted on 22 October 2011
Source : packetstormsecurity.org Link
Team SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.
