CVE-2017-14960

HIGH

OpenText Document Sciences xPression < 4.5 - SQL Injection in xDashboard

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14960. PoCs published by Pawel Gocyla.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in EMC xDashboard, specifically in the 'model.jobHistoryId' parameter. It includes true/false condition examples for testing but lacks executable exploit code.

Description

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

Exploits (1)

exploitdb WRITEUP
by Pawel Gocyla · textwebappsmultiple
https://www.exploit-db.com/exploits/43422

The provided text describes a SQL injection vulnerability in EMC xDashboard, specifically in the 'model.jobHistoryId' parameter. It includes true/false condition examples for testing but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: EMC xPression v4.5SP1 Patch 13
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43422/
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/6
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102419

Scores

CVSS v3 7.5
EPSS 0.0374
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
opentext/document_sciences_xpression < 4.5
Published Jan 04, 2018
Tracked Since Feb 18, 2026