Oracle Database is vulnerable to SQL injection. A remote attacker, who is authenticated, could supply a specially-crafted request containing malicious SQL code to the SYS.SQLIVULN and SQLVULN procedures, which would allow the attacker to add, modify or delete user information in the backend database.