ID CVE-2001-0319Type cveReporter NVDModified 2017-10-09T21:29:40
Description
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
{"id": "CVE-2001-0319", "bulletinFamily": "NVD", "title": "CVE-2001-0319", "description": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.", "published": "2001-05-03T00:00:00", "modified": "2017-10-09T21:29:40", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0319", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/6067", "http://www.securityfocus.com/bid/2350", "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html", "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"], "cvelist": ["CVE-2001-0319"], "type": "cve", "lastseen": "2017-10-10T10:34:42", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:ibm:net.commerce:3.0", "cpe:/a:ibm:websphere_commerce_suite:3.1.2::service_provider", "cpe:/a:ibm:net.commerce_hosting_server:3.1.2", "cpe:/a:ibm:websphere_commerce_suite:3.2::service_provider", "cpe:/a:ibm:net.commerce:3.2::pro", "cpe:/a:ibm:net.commerce:3.2::start", "cpe:/a:ibm:net.commerce_hosting_server:3.1.1", "cpe:/a:ibm:websphere_commerce_suite:4.1::start", "cpe:/a:ibm:net.commerce:2.0", "cpe:/a:ibm:websphere_commerce_suite:4.1::pro", "cpe:/a:ibm:websphere_commerce_suite:4.1.1::start", "cpe:/a:ibm:net.commerce:3.1.1::pro", "cpe:/a:ibm:websphere_commerce_suite:4.1::marketplace", "cpe:/a:ibm:net.commerce:3.1.2::start", "cpe:/a:ibm:net.commerce:3.1.2::pro", "cpe:/a:ibm:net.commerce:3.1::start", "cpe:/a:ibm:net.commerce:3.1::pro", "cpe:/a:ibm:net.commerce:3.1.1::start", "cpe:/a:ibm:net.commerce_hosting_server:3.2", "cpe:/a:ibm:websphere_commerce_suite:4.1.1::pro"], "cvelist": ["CVE-2001-0319"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.", "edition": 1, "enchantments": {}, "hash": "91dafe01559e27459b4afc3f9087c23c68286d6a1c2eaf4a3131b2df41b8e921", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "1a62d4740614ceb5a9ff79fbc907a542", "key": "href"}, {"hash": "7a74af887a99ca10fa2471408ebbeeb1", "key": "cvelist"}, {"hash": "7c9d4ea2bca5ba2b0fe9a6a25d0923fc", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "f6af80daddc91cd6463edd697c1f2439", "key": "title"}, {"hash": "324283070f9eacfab5d08fb7daf89415", "key": "cpe"}, {"hash": "1146001a7d01649401195721d829b0ee", "key": "published"}, {"hash": "5b3e83489793d07473c638dab2995481", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3b014ee98763111c66bc9763c3fc9aad", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0319", "id": "CVE-2001-0319", "lastseen": "2016-09-03T02:56:37", "modified": "2008-09-05T16:23:49", "objectVersion": "1.2", "published": "2001-05-03T00:00:00", "references": ["http://www.securityfocus.com/bid/2350", "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html", "http://xforce.iss.net/xforce/xfdb/6067", "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2001-0319", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T02:56:37"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "324283070f9eacfab5d08fb7daf89415"}, {"key": "cvelist", "hash": "7a74af887a99ca10fa2471408ebbeeb1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "7c9d4ea2bca5ba2b0fe9a6a25d0923fc"}, {"key": "href", "hash": "1a62d4740614ceb5a9ff79fbc907a542"}, {"key": "modified", "hash": "1f12262466e302b97b0b25696a068be0"}, {"key": "published", "hash": "1146001a7d01649401195721d829b0ee"}, {"key": "references", "hash": "8b6f9dd950fb4a780a21d9b9e5f2a1c1"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "f6af80daddc91cd6463edd697c1f2439"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "38cb565e726461f2cc2f066b5c4ca76fd8787810a1b1189f80502d61ca18e505", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:ibm:net.commerce:3.0", "cpe:/a:ibm:websphere_commerce_suite:3.1.2::service_provider", "cpe:/a:ibm:net.commerce_hosting_server:3.1.2", "cpe:/a:ibm:websphere_commerce_suite:3.2::service_provider", "cpe:/a:ibm:net.commerce:3.2::pro", "cpe:/a:ibm:net.commerce:3.2::start", "cpe:/a:ibm:net.commerce_hosting_server:3.1.1", "cpe:/a:ibm:websphere_commerce_suite:4.1::start", "cpe:/a:ibm:net.commerce:2.0", "cpe:/a:ibm:websphere_commerce_suite:4.1::pro", "cpe:/a:ibm:websphere_commerce_suite:4.1.1::start", "cpe:/a:ibm:net.commerce:3.1.1::pro", "cpe:/a:ibm:websphere_commerce_suite:4.1::marketplace", "cpe:/a:ibm:net.commerce:3.1.2::start", "cpe:/a:ibm:net.commerce:3.1.2::pro", "cpe:/a:ibm:net.commerce:3.1::start", "cpe:/a:ibm:net.commerce:3.1::pro", "cpe:/a:ibm:net.commerce:3.1.1::start", "cpe:/a:ibm:net.commerce_hosting_server:3.2", "cpe:/a:ibm:websphere_commerce_suite:4.1.1::pro"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:20618", "type": "exploitdb", "title": "IBM Net.Commerce 2.0/3.x/4.x orderdspc.d2w order_rn Option SQL Injection", "description": "IBM Net.Commerce 2.0/3.x/4.x orderdspc.d2w order_rn Option SQL Injection. CVE-2001-0319. Remote exploits for multiple platform", "published": "2001-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/20618/", "cvelist": ["CVE-2001-0319"], "lastseen": "2016-02-02T14:39:01"}], "nessus": [{"id": "NETCOMMERCE_SQL.NASL", "type": "nessus", "title": "IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection", "description": "The macro orderdspc.d2w in the remote IBM Net.Commerce 3x is vulnerable to a SQL injection attack via the 'order_rn' option.\n\nAn attacker may use it to abuse your database in many ways.", "published": "2002-06-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11020", "cvelist": ["CVE-2001-0319"], "lastseen": "2017-10-29T13:41:22"}], "osvdb": [{"id": "OSVDB:833", "type": "osvdb", "title": "IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection", "description": "# No description provided by the source\n\n## References:\nSnort Signature ID: 1820\nISS X-Force ID: 6067\n[CVE-2001-0319](https://vulners.com/cve/CVE-2001-0319)\nBugtraq ID: 2350\n", "published": "2001-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:833", "cvelist": ["CVE-2001-0319"], "lastseen": "2017-04-28T13:19:55"}]}}
