Arbitrary SQL Query Execution in IBM Net.Commerce 3.x via orderdspc.d2w Macro
CVE-2001-0319 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Learn more about our Cis Benchmark Audit For Ibm I.