VYPR
Unrated severityNVD Advisory· Published May 2, 2014· Updated Jun 17, 2026

CVE-2014-3138

CVE-2014-3138

Description

SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Xerox/Docushare6 versions
    cpe:2.3:a:xerox:docushare:6.5.3:-:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:xerox:docushare:6.5.3:-:*:*:*:*:*:*
    • cpe:2.3:a:xerox:docushare:6.5.3:patch6:*:*:*:*:*:*
    • cpe:2.3:a:xerox:docushare:6.6.1:-:*:*:*:*:*:*
    • cpe:2.3:a:xerox:docushare:6.6.1:update1:*:*:*:*:*:*
    • cpe:2.3:a:xerox:docushare:6.6.1:update2:*:*:*:*:*:*
    • (no CPE)range: <6.53 Patch 6 Hotfix 2; 6.6.1 Update 1 before Hotfix 24; 6.6.1 Update 2 before Hotfix 3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.