Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features and also provides an interface for e-commerce sites to interact and conduct business with customers and suppliers. An issue exists in web applications that ship with Site Server and that do not properly validate user input before passing it to an SQL query. The site applications contained within 'clocktower', 'vc30', 'mspress30' and 'market' allow for the injection of user-specified SQL commands. These vulnerabilities may be due to the issue discussed as BID 994; however, this has not been confirmed.