Back to search
CVE-2018-7772
Published: Jul 3, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.
| Vendor | Product | Versions |
|---|---|---|
Schneider Electric SE | U.Motion | affected U.motion Builder Software, all versions prior to v1.3.4 |
References
https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now