CVE-2017-7221

HIGH

OpenText Documentum Content Server - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7221. PoCs published by Andrey B. Panfilov.

AI-analyzed exploit summary: This exploit demonstrates arbitrary code execution in OpenText Documentum Content Server by leveraging improper input validation in the dm_bp_transition docbase method. An attacker can create a malicious dm_procedure object and execute arbitrary commands with superuser privileges.

Description

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.

Exploits (1)

exploitdb WORKING POC
by Andrey B. Panfilov · python · webapps · multiple
https://www.exploit-db.com/exploits/41928

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenText Documentum Content Server (all versions)
Auth required
Prerequisites: Access to a valid user account · Ability to create dm_procedure objects
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Mailing List, Third Party Advisory, VDB Entry x_refsource_misc
http://seclists.org/fulldisclosure/2017/Apr/97
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41928/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98038

Scores

CVSS v3 8.8
EPSS 0.0420
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
opentext/documentum_content_server
Published Apr 25, 2017
Tracked Since Feb 18, 2026