CVE-2017-14758

HIGH

OpenText Document Sciences xPression v4.5SP1 Patch 13 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14758. PoCs published by Marcin Woloszyn.

AI-analyzed exploit summary: This is a writeup describing a SQL injection vulnerability in OpenText Document Sciences xPression. The exploit vector is provided, but no actual exploit code is included.

Description

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.

Exploits (1)

exploitdb WRITEUP
by Marcin Woloszyn · text · webapps · jsp
https://www.exploit-db.com/exploits/42940


Classification: Writeup 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Theoretical
Target: OpenText Document Sciences xPression v4.5SP1 Patch 13
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42940/
Permissions Required, Vendor Advisory x_refsource_misc
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774
Mailing List x_refsource_misc
http://seclists.org/fulldisclosure/2017/Oct/23

Scores

CVSS v3 8.8
EPSS 0.0267
EPSS Percentile 83.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
opentext/document_sciences_xpression < 4.5
Published Oct 03, 2017
Tracked Since Feb 18, 2026