Anant Labs google-enterprise-connector-dctm SQL injection
Description
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to SQL injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in Anant Labs google-enterprise-connector-dctm up to 3.2.3 allows attackers to execute arbitrary SQL via username/domain parameter.
Vulnerability
The vulnerability is an SQL injection in the google-enterprise-connector-dctm connector up to version 3.2.3. The affected functionality, which the advisory does not identify, uses the username and domain arguments without proper escaping, leading to SQL injection. The patch introduces DqlUtils.escapeString and DqlUtils.escapePattern methods to sanitize inputs [1].
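The kind of escaping the patch is described as adding, shown as an added Java example that is not the project's DqlUtils code. The helper bodies, the dm_user query shape, the backslash escape character and the sample inputs are assumptions made for illustration.

```java
// Added example: hypothetical helpers, not the DqlUtils code from the patch.
public class DqlEscapeExample {

    // Escape a value for a single-quoted DQL string literal by doubling quotes.
    static String escapeString(String value) {
        return value.replace("'", "''");
    }

    // Escape a value for a LIKE pattern: prefix the wildcards and the escape
    // character itself with the escape character, then quote-escape the result.
    static String escapePattern(String value, char escape) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            if (c == '%' || c == '_' || c == escape) {
                out.append(escape);
            }
            out.append(c);
        }
        return escapeString(out.toString());
    }

    // "Before" form: raw concatenation lets a quote in the input end the literal.
    static String unsafeQuery(String username, String domain) {
        return "SELECT user_name FROM dm_user WHERE user_login_name = '" + username
                + "' AND user_login_domain = '" + domain + "'";
    }

    // "After" form: both arguments are escaped before they reach the query text.
    static String safeQuery(String username, String domain) {
        return "SELECT user_name FROM dm_user WHERE user_login_name = '"
                + escapeString(username) + "' AND user_login_domain = '"
                + escapeString(domain) + "'";
    }

    // Prefix search: wildcards in the input must match literally, not as patterns.
    static String prefixQuery(String prefix) {
        return "SELECT user_name FROM dm_user WHERE user_login_name LIKE '"
                + escapePattern(prefix, '\\') + "%' ESCAPE '\\'";
    }

    public static void main(String[] args) {
        // Constructed sample inputs containing DQL metacharacters.
        String username = "o'brien";
        String domain = "corp_eu";
        System.out.println(unsafeQuery(username, domain)); // unbalanced quote
        System.out.println(safeQuery(username, domain));   // quote doubled
        System.out.println(prefixQuery("svc_%'"));         // wildcards and quote escaped
    }
}
```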
Exploitation
An attacker can exploit this by providing crafted input to the username or domain parameters. No authentication requirement is mentioned, but exploitation likely requires network access to the connector. The exact sequence is not detailed, but typical SQL injection steps apply.
Impact
Successful exploitation allows an attacker to execute arbitrary SQL queries, potentially leading to data disclosure, modification, or deletion. The impact is critical as per the description.
Mitigation
The fix is available in commit 6fba04f18ab7764002a1da308e7cd9712b501cb7 [1]. Users should apply the patch or upgrade to a version containing it. No workaround is mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.2.3
- Anant Labs/google-enterprise-connector-dctm v5 Range: 3.2.0
References
- github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7 (mitre, patch)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry, technical-description)