Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

• https://nvd.nist.gov/vuln/detail/CVE-2014-4305
• https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140528-0_NICE_Recording_eXpress_Multiple_critical_vulnerabilities_v10.txt
• http://packetstormsecurity.com/files/126858/NICE-Recording-eXpress-6.x-Root-Backdoor-XSS-Bypass.html