CVE-2001-0319

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/05/2001
Last modified:
03/04/2025

Description

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:net.commerce:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.1:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.1:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.2:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.2:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.2:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.2:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce_hosting_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:service_provider:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:service_provider:*:*:*:*:*