mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-14 20:08:44 +00:00
949 B
949 B
CVE-2017-5585
Description
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.
POC
Reference
Github
No PoCs found on GitHub currently.