SQL Injection Vulnerability in Xerox DocuShare Products
CVE-2014-3138
Currently unrated
Summary
An SQL injection flaw exists in Xerox DocuShare, enabling authenticated remote users to execute arbitrary SQL commands through malicious requests. This vulnerability specifically arises from improper validation of input data within the PATH_INFO variable, affecting various versions of the platform. Exploiting this flaw may allow an attacker to manipulate or retrieve sensitive data directly from the database, posing a serious threat to the integrity and confidentiality of stored information.
Timeline
Vulnerability published
Vulnerability reserved