Vulnerabilities > CVE-2003-0118 - Unspecified vulnerability in Microsoft Biztalk Server 2000/2002
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Exploit-Db
description Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection. CVE-2003-0118. Webapps exploit for asp platform id EDB-ID:22555 last seen 2016-02-02 modified 2003-04-30 published 2003-04-30 reporter Cesar Cerrudo source https://www.exploit-db.com/download/22555/ title Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection description Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability. CVE-2003-0118. Webapps exploit for asp platform id EDB-ID:22554 last seen 2016-02-02 modified 2003-04-30 published 2003-04-30 reporter Cesar Cerrudo source https://www.exploit-db.com/download/22554/ title Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
Nessus
NASL family | CGI abuses |
NASL id | BIZTALK_FLAWS.NASL |
description | The remote host seems to be running Microsoft BizTalk server. There are two flaws in this software that could allow an attacker to issue a SQL insertion attack or to execute arbitrary code on the remote host. Note that Nessus solely relied on the presence of a Biztalk DLL to issue this alert so it might be a false positive. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11638 |
published | 2003-05-20 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11638 |
title | Microsoft BizTalk Server Multiple Remote Vulnerabilities |
code |
|