The vulnerability in the `track_import_export.php` script of the U.motion builder system allows a perpetrator to execute arbitrary SQL queries against the database.

🗓️ 12 Apr 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

A vulnerability in the track_import_export.php script allows arbitrary structured query language queries via the object_id parameter.

Reporter	Title	Published	Views	Family All 12
0day.today	Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability	15 May 201900:00	–	zdt
Circl	CVE-2018-7765	26 Nov 202521:02	–	circl
CVE	CVE-2018-7765	3 Jul 201814:00	–	cve
Cvelist	CVE-2018-7765	3 Jul 201814:00	–	cvelist
EUVD	EUVD-2018-19477	7 Oct 202500:30	–	euvd
exploitpack	Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection	14 May 201900:00	–	exploitpack
ICS	Schneider Electric U.motion Builder (Update A)	29 Jun 201700:00	–	ics
Nuclei	Schneider Electric U.motion Builder - SQL Injection	9 Jun 202605:43	–	nuclei
NVD	CVE-2018-7765	3 Jul 201814:29	–	nvd
Packet Storm	Schneider Electric U.Motion Builder 1.3.4 Command Injection	14 May 201900:00	–	packetstorm

Vulners

Node

schneider_electric u.motion_builderRange<1.3.4

Source	Link
download	www.download.schneider-electric.com/files
schneider-electric	www.schneider-electric.com/en/download/document/SE_UMOTION_BUILDER/
threatpost	www.threatpost.ru/zakryty-16-uyazvimostej-v-u-motion-builder/25555/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2018041010
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 38.8

CVSS 210

EPSS0.06486

track import export arbitrary queries structured query language object identifier parameter database vulnerability