Published: 12/05/2003 Updated: 12/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote malicious users to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft biztalk server 2000
microsoft biztalk server 2002

source: wwwsecurityfocuscom/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic The vulnerability exists in some of the pages used by the DTA interface This vulnerability may be the result of inadequate sanitization of user-supplied values for som ...

source: wwwsecurityfocuscom/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic The vulnerability exists in some of the pages used by the DTA interface This vulnerability may be the result of inadequate sanitization of user-supplied values for s ...

NVD-CWE-Other http://marc.info/?l=bugtraq&m=105216839231951&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016 https://nvd.nist.gov https://www.exploit-db.com/exploits/22554/

CVE-2003-0118

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect