CVE-2010-0870

Oracle Database <9.2.0.8 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0870. PoCs published by MC, including Metasploit module auxiliary/sqli/oracle/dbms_cdc_publish2.

AI-analyzed exploit summary: This Metasploit module exploits a SQL injection vulnerability in Oracle DB's SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure, allowing arbitrary SQL execution for users with EXECUTE_CATALOG_ROLE privileges. It creates a malicious function and executes it via base64-encoded payloads.

Description

Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.

Exploits (1)

metasploit WORKING POC
by MC · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb


Classification: Working PoC 100%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Oracle Database (versions affected by CVE-2010-0870)
Auth required
Prerequisites: Valid Oracle DB credentials with EXECUTE_CATALOG_ROLE privileges
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39438

Scores

EPSS 0.1203
EPSS Percentile 95.6%

Details

Status published
Products (2)
oracle/database_server 9.2.0.8
oracle/database_server 9.2.0.8dv
Published Apr 13, 2010
Tracked Since Feb 18, 2026