CVE-2001-0319

IBM Net.Commerce 3.x - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0319. PoCs published by Rudi Carell.

AI-analyzed exploit summary The exploit demonstrates SQL injection in IBM Net.Commerce's macros, allowing arbitrary database queries to extract sensitive information such as admin credentials and password hashes. The provided URLs manipulate the 'order_rn' parameter to perform UNION-based SQLi attacks.

Description

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rudi Carell · textremotemultiple

https://www.exploit-db.com/exploits/20618

View Code ZIP pw:eip

The exploit demonstrates SQL injection in IBM Net.Commerce's macros, allowing arbitrary database queries to extract sensitive information such as admin credentials and password hashes. The provided URLs manipulate the 'order_rn' parameter to perform UNION-based SQLi attacks.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: IBM Net.Commerce (versions prior to 3.2) and WebSphere Commerce Suite (versions prior to 4.1)

No auth needed

Prerequisites: Access to the target server's CGI endpoint · Vulnerable Net.Commerce or WebSphere Commerce Suite installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www-4.ibm.com/software/webservers/commerce/netcomletter.html

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2350

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6067

Scores

EPSS 0.0710

EPSS Percentile 93.4%

Details

Status published

Products (13)

ibm/net.commerce 2.0

ibm/net.commerce 3.0

ibm/net.commerce 3.1 (2 CPE variants)

ibm/net.commerce 3.1.1 (2 CPE variants)

ibm/net.commerce 3.1.2 (2 CPE variants)

ibm/net.commerce 3.2 (2 CPE variants)

ibm/net.commerce_hosting_server 3.1.1

ibm/net.commerce_hosting_server 3.1.2

ibm/net.commerce_hosting_server 3.2

ibm/websphere_commerce_suite 3.1.2

... and 3 more

Published May 03, 2001

Tracked Since Feb 18, 2026