CVE-2017-14960
HIGHOpenText Document Sciences xPression < 4.5 - SQL Injection in xDashboard
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-14960. PoCs published by Pawel Gocyla.
AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in EMC xDashboard, specifically in the 'model.jobHistoryId' parameter. It includes true/false condition examples for testing but lacks executable exploit code.
Description
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.
Exploits (1)
exploitdb
WRITEUP
by Pawel Gocyla · textwebappsmultiple
https://www.exploit-db.com/exploits/43422
The provided text describes a SQL injection vulnerability in EMC xDashboard, specifically in the 'model.jobHistoryId' parameter. It includes true/false condition examples for testing but lacks executable exploit code.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
EMC xPression v4.5SP1 Patch 13
No auth needed
Prerequisites:
Network access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43422/
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/6
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102419
Scores
CVSS v3
7.5
EPSS
0.0374
EPSS Percentile
88.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
opentext/document_sciences_xpression
< 4.5
Published
Jan 04, 2018
Tracked Since
Feb 18, 2026