Unrated severityNVD Advisory· Published May 12, 2003· Updated Apr 16, 2026

CVE-2003-0118

Description

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Affected products

Microsoft/Biztalk Server11 versions
cpe:2.3:a:microsoft:biztalk_server:2000:*:developer:*:*:*:*:*+ 10 more
- cpe:2.3:a:microsoft:biztalk_server:2000:*:developer:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:*:enterprise:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:developer:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:enterprise:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:standard:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:sp2:developer:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:sp2:enterprise:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:sp2:standard:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2000:*:standard:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2002:*:developer:*:*:*:*:*
- cpe:2.3:a:microsoft:biztalk_server:2002:*:enterprise:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000