CNVD-2017-09466 — Vulnetix

CNVD-2017-09466 PUBLISHED

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.motion Builder存在远程代码执行漏洞。用于确定用户是否登录的底层SQLite数据库查询需要在loginSeed参数上进行SQL注入，该参数可以嵌入到请求的HTTP cookie中。远程攻击者可利用漏洞对数据库执行任意命令。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder

Timeline

Jun 14, 2017 CVE ID Reserved
Jun 14, 2017 CVE Published

References

http://www.zerodayinitiative.com/advisories/ZDI-17-377/ url

Open in Interactive Console →