CNVD-2018-07819 — Vulnetix

CNVD-2018-07819 PUBLISHED

U.motion Builder是法国施耐德电气（Schneider Electric）公司的一款生成器产品。 Schneider Electric U.motion Builder Web服务上公开的小程序中存在远程代码执行漏洞。由于底层SQLite数据库查询受logininfo参数（可嵌入请求的HTTP cookie中）的影响，攻击者可利用漏洞执行任意代码。

Affected Products

Vendor	Product	Versions
	Schneider Electric U.motion Builder <1.3.4

Timeline

Apr 13, 2018 CVE ID Reserved
Apr 18, 2018 CVE Published

References

https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9607472623&p_File_Name=SEVD-2018-095-01+U.motion.pdf&p_Reference=SEVD-2018-095-01 url

Open in Interactive Console →