SQL Injection Vulnerability in Microsoft BizTalk Server DTA
CVE-2003-0118

Currently unrated

Key Information:

Vendor: Microsoft
Status: Biztalk Server
Vendor: CVE Published:; 12 May 2003

Summary

The Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 is affected by a SQL injection vulnerability. This flaw allows remote attackers to execute arbitrary operating system commands through specially crafted requests to specific ASP pages, namely rawdocdata.asp and RawCustomSearchField.asp, which contain embedded SQL statements. Exploiting this vulnerability could lead to serious security breaches, compromising the integrity of affected systems.

References

http://marc.info/?l=bugtraq&m=105216839231951&w=2

mailing-listx_refsource_BUGTRAQ

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Timeline

Vulnerability published
May 12, 2003
Vulnerability Reserved
Feb 26, 2003