CVE-2003-0118

Published: May 12, 2003Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Affected (11)

Products: Microsoft: Biztalk Server

Microsoft

1 product

Biztalk Server

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Microsoft Biztalk Server	Version 2000
Microsoft Biztalk Server	Version 2000
Microsoft Biztalk Server	Version 2000
Microsoft Biztalk Server	Version 2000 sp1a
Microsoft Biztalk Server	Version 2000 sp1a
Microsoft Biztalk Server	Version 2000 sp1a
Microsoft Biztalk Server	Version 2000 sp2
Microsoft Biztalk Server	Version 2000 sp2
Microsoft Biztalk Server	Version 2000 sp2
Microsoft Biztalk Server	Version 2002
Microsoft Biztalk Server	Version 2002

References (4)

http://marc.info/?l=bugtraq&m=105216839231951&w=2

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=105216839231951&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.