CRITICAL🇬🇧 English

CVE-2017-7973

CVSS 9.8v3.0pub. 2017-09-26upd. 2026-05-13

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric U.motion Builder

    APP
    Schneider-Electric
    ≤ 1.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2018-7841CRITICAL9.8⚠ KEVten sam produkt

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...

CVE-2018-7785CRITICAL9.8ten sam produkt

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows au...

CVE-2017-9957CRITICAL9.8ten sam produkt

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the...

CVE-2017-7974CRITICAL9.8ten sam produkt

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software...

CVE-2018-7765HIGH8.8ten sam produkt

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder s...