Описание
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Ссылки
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:net.commerce:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.1:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.1:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.2:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.1.2:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.2:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce:3.2:*:start:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:net.commerce_hosting_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:service_provider:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:service_provider:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:marketplace:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:start:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:4.1.1:*:pro:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce_suite:4.1.1:*:start:*:*:*:*:*
EPSS
Процентиль: 92%
0.09254
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
EPSS
Процентиль: 92%
0.09254
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other