Description
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Cesar Cerrudo · textwebappsasp
https://www.exploit-db.com/exploits/22554
exploitdb
WORKING POC
VERIFIED
by Cesar Cerrudo · textwebappsasp
https://www.exploit-db.com/exploits/22555
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105216839231951&w=2
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016
Scores
EPSS
0.0408
EPSS Percentile
88.6%
Details
Status
published
Products (2)
microsoft/biztalk_server
2000 (9 CPE variants)
microsoft/biztalk_server
2002 (2 CPE variants)
Published
May 12, 2003
Tracked Since
Feb 18, 2026