SQL Injection Vulnerability in Microsoft Site Server 3.0 Commerce Edition
CVE-2000-0161

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server
Vendor: CVE Published:; 18 February 2000

Summary

The vulnerability in Microsoft Site Server 3.0 Commerce Edition arises from the lack of validation on an identification number used in sample web sites. This oversight allows remote attackers to exploit the system by executing arbitrary SQL commands, potentially leading to unauthorized access and manipulation of the database. Implementing robust input validation and employing security measures can help mitigate the associated risks. For further details and remediation, refer to Microsoft's advisory and related security bulletins.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/994

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Feb 23, 2000
Vulnerability published
Feb 18, 2000