This script is Copyright (C) 2003-2014 Frank Berger.

Synopsis :

The remote host may be vulnerable to SQL injection attacks.

Description :

It is possible to access a demo (PORTAL_DEMO.ORG_CHART) script on the
remote host. Access to these pages should be restricted because it may
be possible to abuse this demo for SQL Injection attacks.

Additional components of the Portal have been reported as vulnerable
to SQL injection attacks but Nessus has not tested for these.

Solution :

Revoke the EXECUTE grant to PUBLIC on the PL/SQL package in schema
PORTAL_DEMO (REVOKE execute ON portal_demo.org_chart FROM public;).
Also check Oracle Security Alert 61 for patch information.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11918

Bugtraq ID: 8966

CVE ID: CVE-2003-1193
