CNVD-2018-07816 — Vulnetix

CNVD-2018-07816 PUBLISHED

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.motion Builder存在远程代码执行漏洞，该漏洞是由于处理update_module.php上的update_file请求参数不足造成的。经过身份验证的远程攻击者可以通过向目标服务器发送特制的请求，从而执行任意代码。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder <1.3.4

Timeline

Apr 13, 2018 CVE ID Reserved
Apr 18, 2018 CVE Published

References

https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9607472623&p_File_Name=SEVD-2018-095-01+U.motion.pdf&p_Reference=SEVD-2018-095-01 url

Open in Interactive Console →