Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0319 — IBM Net.commerce vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

16.2%

top 5.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Net.commerce IBM Net.commerce Hosting Server IBM Websphere Commerce Suite

Timeline

PublishedMay 3

Latest updateApr 30

Description

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDibm/net.commerce6 versions+5

▶NVDibm/websphere_commerce_suite4 versions+3

▶NVDibm/net.commerce_hosting_server3.1.1, 3.1.2, 3.2+2

🔴Vulnerability Details

GHSA

GHSA-9cwj-6gfj-h53r: orderdspc↗2022-04-30

▶

CVEList

CVE-2001-0319: orderdspc↗2001-05-07

▶

💥Exploits & PoCs

Exploit-DB

IBM Net.Commerce 2.0/3.x/4.x - orderdspc.d2w order_rn Option SQL Injection↗2001-02-05

▶