This script is Copyright (C) 2003-2014 Frank Berger.
The remote may be vulnerable to SQL injection attacks.
It is possible to access a demo (PORTAL_DEMO.ORG_CHART) script on the
remote host. Access to these pages should be restricted because it may
be possible to abuse this demo for SQL Injection attacks.
Additional components of the Portal have been reported as vulnerable
to SQL injection attacks but Nessus has not tested for these.
See also :
Remove the Execute for Public grant from the PL/SQL package in schema
PORTAL_DEMO (REVOKE execute ON portal_demo.org_chart FROM public
Please check also Oracle Security Alert 61 for patch-information.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5
Public Exploit Available : true
Nessus Plugin ID: 11918 ()
Bugtraq ID: 8966
CVE ID: CVE-2003-1193
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.