2 matches found
CVE-2001-0319
The CVE-2001-0319 entry concerns IBM Net.Commerce 3.x, where the macro orderdspc.d2w in the report capability is vulnerable to SQL injection via the order_rn option. The underlying issue is a SQL injection flaw in the remote interface that lets an attacker supply crafted input to alter or execute...
CVE-2001-0319
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the orderrn option of the report capability...