PL or SQL : Global cursor

Classification

OWASP Top 10 2017

A5-Broken Access Control

OWASP Top 10 2021

A1-Broken Access Control

HIPAA

§164.312 (a)(1)

Overview

Using global cusrors is a bad practice and it could have a dire security impact on the database server. The problem arises because global cursors in Oracle can be opened and executed outside of the package in which they are defined; further this can be done by a user with a different security level than the owner of the package in which the cursor has been defined.

References

The Security Impact of Global Cursors in Oracle PL/SQL
OWASP Top 10 2017-A5-Broken Access Control

MEDIUM

PL or SQL : Global cursor

Classification

Overview

References

DerScanner Severity Score

Do you want to fix PL or SQL : Global cursor in your application?

See also

PL or SQL : Open redirect

PL or SQL : Cross-site scripting (XSS)

PL or SQL : Weak hashing algorithm