2 matches found
CVE-2001-0319
The CVE-2001-0319 entry concerns IBM Net.Commerce 3.x, where the macro orderdspc.d2w in the report capability is vulnerable to SQL injection via the order_rn option. The underlying issue is a SQL injection flaw in the remote interface that lets an attacker supply crafted input to alter or execute...
IBM Net.Commerce 2.03.x4.x - orderdspc.d2w order_rn Option SQL Injection
Source: https://www.securityfocus.com/bid/2350/info
IBM's Net.Commerce ecommerce platform supports macros which, by default, do not properly validate requests in user-supplied input. A thoughtfully-formed request to a...