CVE-2017-7221

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.

Related Vulnerabilities

CVE-2007-10003

HIGH
CVSS:8.8(High)

A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the com...

CWE-892007

CVE-2010-3662

HIGH
CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

CWE-892010

CVE-2011-0467

HIGH
CVSS:8.8(High)

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected ...

CWE-892011

CVE-2012-4383

HIGH
CVSS:8.8(High)

contao prior to 2.11.4 has a sql injection vulnerability

CWE-892012

CVE-2013-3638

HIGH
CVSS:8.8(High)

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

CWE-892013