CVE-2018-7841

Published: May 22, 2019

Modified: Oct 21, 2025

PUBLISHED

Description

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

Vendor	Product	Versions
U.motion	U.motion Builder software version 1.3.4	affected `U.motion Builder software version 1.3.4`

References

http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html

x_refsource_MISC

20190514 [CVE-2018-7841] Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection

mailing-list

x_refsource_FULLDISC

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-7841

Description

Affected Products

References