Lucene search
K

20 matches found

Nuclei
Nuclei
added 9 hours ago11 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8CVSS7.2AI score0.02917EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2020/07/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-7765

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

8.8CVSS7.4AI score0.02917EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2019/06/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-7841

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered...

9.8CVSS7.8AI score0.72486EPSS
Exploits6References1
CNVD
CNVD
added 2019/05/15 12:0 a.m.7 views

Schneider Electric U.Motion Builder track_import_export.php object_id unauthenticated command injection vulnerability

U.motion Builder is a builder product from Schneider Electric France. A security vulnerability exists in Schneider Electric U.Motion Builder trackimportexport.php objectid. The vulnerability is due to the application failing to properly validate and filter this parameter and can be exploited by a...

9.8CVSS8.6AI score0.72486EPSS
Exploits6References1
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7774

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...

8.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7786

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting XSS vulnerability exists which could allow injection of malicious scripts...

6.1CVSS5.3AI score0.00754EPSS
Exploits0References2
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7766

The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

8.8CVSS5.8AI score0.00974EPSS
Exploits0References1
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7767

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter...

8.8CVSS5.8AI score0.00974EPSS
Exploits0References1
OSV
OSV
added 2018/07/03 2:29 p.m.2 views

CVE-2018-7771

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree...

8CVSS5.9AI score0.01446EPSS
Exploits0References1
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7769

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

8.8CVSS5.8AI score0.00974EPSS
Exploits0References1
OSV
OSV
added 2018/07/03 2:29 p.m.2 views

CVE-2018-7765

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

8.8CVSS5.8AI score0.02917EPSS
Exploits3References2
CNVD
CNVD
added 2018/06/13 12:0 a.m.3 views

Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-11390)

U.motion Builder is a builder product from Schneider Electric France. An information disclosure vulnerability exists in the Schneider Electric U.motion Builder that stems from improperly filtered validation of context parameter inputs in HTTP GET requests, which can be exploited by an attacker to...

5.3CVSS6.2AI score0.01102EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/08/18 12:0 a.m.6 views

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from the use of a default password, allowing attackers to bypass the authentication process.

The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system exists due to the use of a default password. Exploiting this vulnerability allows an attacker to bypass the authentication process remotely...

7.5CVSS7.7AI score0.01618EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/08/18 12:0 a.m.6 views

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in protecting the SQL query structure, allowing attackers to execute arbitrary SQL commands.

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” stems from deficiencies in measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

9.8CVSS8.2AI score0.01472EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder file_picker remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder filepicker. The user-specified upload path is not constrained, so any logged-in user can upload a file to any location in the system that is...

8.4AI score
Exploits0References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder xmlserver Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder xmlserver. The underlying SQLite database query requires SQL injection of the id input parameter. A remote attacker can exploit this...

9.4AI score
Exploits0References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder syslog_getdata Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder sysloggetdata. The base SQLite database query requires SQL injection on the type, level, ishandled, and lastlogid input parameters. A remote...

9.4AI score
Exploits0References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder editscript remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder editscript. It allows a caller with standard user privileges to write arbitrary PHP files anywhere in the web service directory tree. An...

8.5AI score
Exploits0References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder Remote Code Execution Vulnerability (CNVD-2017-09466)

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder. The underlying SQLite database query used to determine if a user is logged in requires SQL injection on the loginSeed parameter, which can be...

9.3AI score
Exploits0References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder message_simple_html restart parameter denial of service vulnerability

U.motion Builder is a generator product from Schneider Electric France. Schneider Electric U.motion Builder messagesimplehtml reboot parameter denial of service vulnerability. Allows a remote attacker to permanently reboot the system and deny service to all users...

6.9AI score
Exploits0References1
Rows per page
Query Builder