CNVD-2017-09470 — Vulnetix

CNVD-2017-09470 PUBLISHED

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.motion Builder nfcserver存在远程代码执行漏洞。底层的SQLite数据库查询需要在sessionid输入参数上进行SQL注入。远程攻击者可以利用漏洞对数据库执行任意命令。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder

Timeline

Jun 14, 2017 CVE ID Reserved
Jun 14, 2017 CVE Published

References

http://www.zerodayinitiative.com/advisories/ZDI-17-381/ url

Open in Interactive Console →