A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric U.motion Builder
APPSchneider-Electric≤ 1.2.1
Powiązane podatności
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows au...
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the...
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software...
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder s...