CVE-2006-0549

Oracle Database Server - SQL Injection in SYS.DBMS_METADATA_UTIL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-0549. PoCs published by bunker.

AI-analyzed exploit summary This Perl script exploits CVE-2006-0549 by leveraging cursor injection in Oracle's DBMS_METADATA.GET_DDL to grant or revoke DBA privileges without requiring CREATE PROCEDURE privileges. It uses DBD::Oracle to execute malicious SQL via an autonomous transaction, bypassing standard privilege checks.

Description

SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bunker · perlremotemultiple
https://www.exploit-db.com/exploits/3377

This Perl script exploits CVE-2006-0549 by leveraging cursor injection in Oracle's DBMS_METADATA.GET_DDL to grant or revoke DBA privileges without requiring CREATE PROCEDURE privileges. It uses DBD::Oracle to execute malicious SQL via an autonomous transaction, bypassing standard privilege checks.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Oracle Database 9i/10g (tested on 10.1.0.3.0)
Auth required
Prerequisites: Valid Oracle credentials · Network access to Oracle database · DBD::Oracle Perl module
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by bunker · perlremotemultiple
https://www.exploit-db.com/exploits/3363

This Perl script exploits CVE-2006-0549 in Oracle Database 9i/10g by leveraging the DBMS_METADATA.GET_DDL function to grant or revoke DBA privileges to an unprivileged user. It creates an autonomous transaction function to bypass privilege checks and execute arbitrary SQL commands.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Oracle Database 9i/10g (tested on 10.1.0.3.0)
Auth required
Prerequisites: Valid Oracle database credentials · Network access to the Oracle database · Oracle InstantClient with DBD::Oracle
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/629316
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-018A.html

Scores

EPSS 0.0848
EPSS Percentile 94.3%

Details

Status published
Products (1)
oracle/database_server 10.1.0.5 r1
Published Feb 04, 2006
Tracked Since Feb 18, 2026