CVE Vulnerabilities

CVE-2003-0118

Published: May 12, 2003 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Affected Software

Name Vendor Start Version End Version
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2000 2000
Biztalk_server Microsoft 2002 2002
Biztalk_server Microsoft 2002 2002

References