What vulnerability is the following code susceptible to?
CREATE OR REPLACE PROCEDURE demo (name in VARCHAR2) as
cursor_name INTEGER;
rows_processed INTEGER;
sql VARCHAR2(150);
code VARCHAR2(2);
BEGIN
…
sql := ‘SELECT postal_code FROM states WHERE state_name = ”’
|| ””;
cursor_name := dbms_sql.open_cursor;
DBMS_SQL.PARSE(cursor_name, sql, DBMS_SQL.NATIVE);
DBMS_SQL.DEFINE_COLUMN(cursor_name, 1, code, 10);
row_processed:= DMBS_SQL.EXECUTIVE(cursor_name);

DBMS_SQL.CLOSE_CURSOR(cursor_name);

A.
SQL string manipulation

B.
DBMS_Open string attacks

C.
Oracle injection

D.
SQL injection

Explanation: