Published: 03/05/2001 Updated: 10/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote malicious users to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm net.commerce 3.0
ibm net.commerce 3.1.1
ibm net.commerce hosting server 3.1.1
ibm net.commerce hosting server 3.1.2
ibm websphere commerce suite 4.1
ibm net.commerce 3.1.2
ibm net.commerce 3.1
ibm websphere commerce suite 3.2
ibm websphere commerce suite 4.1.1
ibm net.commerce hosting server 3.2
ibm websphere commerce suite 3.1.2
ibm net.commerce 2.0
ibm net.commerce 3.2

source: wwwsecurityfocuscom/bid/2350/info IBM's NetCommerce ecommerce platform supports macros which, by default, do not properly validate requests in user-supplied input A thoughtfully-formed request to a vulnerable script can cause the server to disclose sensitive system information, including results of arbitrary queries to the NetC ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html http://www-4.ibm.com/software/webservers/commerce/netcomletter.html http://www.securityfocus.com/bid/2350 https://exchange.xforce.ibmcloud.com/vulnerabilities/6067 https://nvd.nist.gov https://www.exploit-db.com/exploits/20618/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2001-0319

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect