Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0118: SQL Injection in Microsoft BizTalk Server

6 documents, 4 sources
Severity: 7.5 HIGH (NVD)
EPSS: 4.1% (top 11.42%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: May 12
Latest update: Apr 29

Description

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: microsoft/biztalk_server 2000, 2002 (+1)

🔴 Vulnerability Details (2)

GHSA
GHSA-83mv-r2r9-9gx9: SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attacker (2022-04-29)
CVEList
CVE-2003-0118: SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attacker (2003-05-02)

💥 Exploits & PoCs (3)

Exploit-DB: Microsoft Office 2000/2003/2004/XP - File Memory Corruption (2008-03-07)
Exploit-DB: Microsoft BizTalk Server 2000/2002 DTA - 'RawCustomSearchField.asp' SQL Injection (2003-04-30)
Exploit-DB: Microsoft BizTalk Server 2000/2002 DTA - 'rawdocdata.asp' SQL Injection (2003-04-30)
CVE-2003-0118 — SQL Injection in Microsoft | cvebase