← back
CVE-2017-14757

CVE-2017-14757

EPSS 1.9%
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42939/unverifiedexploitdbwww.exploit-db.com/exploits/42939unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2017/Oct/8https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774https://www.exploit-db.com/exploits/42939/