CVE-2014-3138

Currently unrated

Key Information:

Vendor: Xerox
Status: Docushare
Vendor: CVE Published:; 2 May 2014

Summary

SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.

References

http://www.xerox.com/download/security/security-bulletin/...

x_refsource_MISC

http://www.exploit-db.com/exploits/32886

exploitx_refsource_EXPLOIT-DB

http://www.osvdb.org/105972

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 2, 2014
Vulnerability Reserved
May 1, 2014