25 matches found
Schneider Electric U.motion Builder - SQL Injection
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...
VulnCheck KEV: CVE-2018-7765
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...
VulnCheck KEV: CVE-2018-7841
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered...
Schneider Electric U.Motion Builder track_import_export.php object_id unauthenticated command injection vulnerability
U.motion Builder is a builder product from Schneider Electric France. A security vulnerability exists in Schneider Electric U.Motion Builder trackimportexport.php objectid. The vulnerability is due to the application failing to properly validate and filter this parameter and can be exploited by a...
CVE-2018-7786
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting XSS vulnerability exists which could allow injection of malicious scripts...
CVE-2018-7774
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...
CVE-2018-7777
The vulnerability is due to insufficient handling of updatefile request parameter on updatemodule.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...
CVE-2018-7766
The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...
CVE-2018-7765
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...
CVE-2018-7773
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...
CVE-2018-7769
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...
CVE-2018-7767
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter...
CVE-2018-7771
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree...
Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-11390)
U.motion Builder is a builder product from Schneider Electric France. An information disclosure vulnerability exists in the Schneider Electric U.motion Builder that stems from improperly filtered validation of context parameter inputs in HTTP GET requests, which can be exploited by an attacker to...
Schneider Electric U.motion Builder sendmail email_attachment parameter information disclosure vulnerability
U.motion Builder is a builder product from Schneider Electric France. An information disclosure vulnerability exists in the handling of the Schneider Electric U.motion Builder sendmail emailattachment parameter in sendmail.php, which can be exploited by an attacker to select arbitrary files to be...
Schneider Electric U.motion Builder Directory Traversal Vulnerability
U.motion Builder is a generator product from Schneider Electric France. A directory traversal vulnerability exists in Schneider Electric U.motion Builder when handling the 's' parameter of an applet. The vulnerability exists in the runscript.php applet and can be exploited to obtain sensitive...
CVE-2017-9959
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition...
Schneider Electric U.motion Builder editscript remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder editscript. It allows a caller with standard user privileges to write arbitrary PHP files anywhere in the web service directory tree. An...
Schneider Electric U.motion Builder syslog_getdata Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder sysloggetdata. The base SQLite database query requires SQL injection on the type, level, ishandled, and lastlogid input parameters. A remote...
Schneider Electric U.motion Builder file_picker remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder filepicker. The user-specified upload path is not constrained, so any logged-in user can upload a file to any location in the system that is...