CVE-2001-0319

Currently unrated

Key Information:

Vendor: IBM
Status: Net.commerce; Net.commerce Hosting Server; Websphere Commerce Suite
Vendor: CVE Published:; 3 May 2001

Summary

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

References

http://www-4.ibm.com/software/webservers/commerce/netcoml...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2001-02/00...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/2350

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 3, 2001
Vulnerability Reserved
Apr 4, 2001