CVE-2017-14757

HIGH

OpenText Document Sciences xPression <4.5SP1 Patch 13 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14757. PoCs published by Marcin Woloszyn.

AI-analyzed exploit summary: This is a writeup detailing a SQL injection vulnerability in OpenText Document Sciences xPression. It provides proof of the vulnerability through error-based injection and demonstrates how an attacker can retrieve data from the application database.

Description

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.

Exploits (1)

exploitdb WRITEUP
by Marcin Woloszyn · text · webapps · jsp
https://www.exploit-db.com/exploits/42939

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: OpenText Document Sciences xPression v4.5SP1 Patch 13
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42939/
Mailing List x_refsource_misc
http://seclists.org/fulldisclosure/2017/Oct/8

Scores

CVSS v3 8.8
EPSS 0.0190
EPSS Percentile 76.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
opentext/document_sciences_xpression < 4.5
Published Oct 03, 2017
Tracked Since Feb 18, 2026