Arbitrary SQL Query Execution in IBM Net.Commerce 3.x via orderdspc.d2w Macro


CVE-2001-0319 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
