20 matches found
Schneider Electric U.motion Builder - SQL Injection
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...
VulnCheck KEV: CVE-2018-7765
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...
VulnCheck KEV: CVE-2018-7841
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered...
Schneider Electric U.Motion Builder track_import_export.php object_id unauthenticated command injection vulnerability
U.motion Builder is a builder product from Schneider Electric France. A security vulnerability exists in Schneider Electric U.Motion Builder trackimportexport.php objectid. The vulnerability is due to the application failing to properly validate and filter this parameter and can be exploited by a...
CVE-2018-7774
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...
CVE-2018-7786
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting XSS vulnerability exists which could allow injection of malicious scripts...
CVE-2018-7766
The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...
CVE-2018-7767
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter...
CVE-2018-7771
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree...
CVE-2018-7769
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...
CVE-2018-7765
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...
Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-11390)
U.motion Builder is a builder product from Schneider Electric France. An information disclosure vulnerability exists in the Schneider Electric U.motion Builder that stems from improperly filtered validation of context parameter inputs in HTTP GET requests, which can be exploited by an attacker to...
The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from the use of a default password, allowing attackers to bypass the authentication process.
The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system exists due to the use of a default password. Exploiting this vulnerability allows an attacker to bypass the authentication process remotely...
The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in protecting the SQL query structure, allowing attackers to execute arbitrary SQL commands.
The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” stems from deficiencies in measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
Schneider Electric U.motion Builder file_picker remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder filepicker. The user-specified upload path is not constrained, so any logged-in user can upload a file to any location in the system that is...
Schneider Electric U.motion Builder xmlserver Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder xmlserver. The underlying SQLite database query requires SQL injection of the id input parameter. A remote attacker can exploit this...
Schneider Electric U.motion Builder syslog_getdata Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder sysloggetdata. The base SQLite database query requires SQL injection on the type, level, ishandled, and lastlogid input parameters. A remote...
Schneider Electric U.motion Builder editscript remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder editscript. It allows a caller with standard user privileges to write arbitrary PHP files anywhere in the web service directory tree. An...
Schneider Electric U.motion Builder Remote Code Execution Vulnerability (CNVD-2017-09466)
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder. The underlying SQLite database query used to determine if a user is logged in requires SQL injection on the loginSeed parameter, which can be...
Schneider Electric U.motion Builder message_simple_html restart parameter denial of service vulnerability
U.motion Builder is a generator product from Schneider Electric France. Schneider Electric U.motion Builder messagesimplehtml reboot parameter denial of service vulnerability. Allows a remote attacker to permanently reboot the system and deny service to all users...