CNVD-2017-09467 — Vulnetix

CNVD-2017-09467 PUBLISHED

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.motion Builder track_import_export中存在远程代码执行漏洞。当在applet调用中选择导出操作时，底层SQLite数据库查询需要对object_id输入参数进行SQL注入。远程攻击者可以利用此漏洞对数据库执行任意命令。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder

Timeline

Jun 14, 2017 CVE ID Reserved
Jun 14, 2017 CVE Published

References

http://www.zerodayinitiative.com/advisories/ZDI-17-378/ url

Open in Interactive Console →