CVE-2018-7765
published 2018-07-03

Priority: P2 76 high
CVSS 3.0: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 2.92% (85.3th percentile)

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
schneider-electric | u.motion_builder | < 1.3.4 | 1.3.4
schneider_electric_se | u.motion | |

Detection & IOCs (extracted from sources)

path: /umotion/modules/reporting/track_import_export.php
path: /smartdomuspad/modules/reporting/track_import_export.php
command: op=export&language=english&interval=1&object_id=1' order by 1-- -
command: op=export&language=english&interval=1&object_id=1' order by 2-- -
other: shodan-query: http.headers_hash:1985490094

  • Detect SQL injection attempts against track_import_export.php by monitoring POST requests to the path with ORDER BY payloads in the object_id parameter. A response containing 'Invalid argument supplied for foreach' indicates the column count boundary was exceeded, confirming SQLi.
  • The vulnerability is unauthenticated — no session or credentials are required. Monitor for POST requests to track_import_export.php from unauthenticated sources (no valid session cookie).
  • The object_id parameter is the injection point; alert on SQL metacharacters (single quotes, ORDER BY, comment sequences -- -) or OS command injection characters (backticks, semicolons) in this parameter.
  • Two different base paths are observed in the wild for the vulnerable script: /umotion/modules/reporting/ and /smartdomuspad/modules/reporting/. Detection rules should cover both path prefixes.
  • CVE-2018-7765 (SQL injection) and CVE-2018-7841 (OS command injection bypass) both target the same script and parameter (track_import_export.php / object_id); detections for one should be extended to cover the other.
  • The product has been retired and no patch will be published; the recommended action is removal of the installation, not patching.
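
The detection notes above, combined into one request classifier as an added example (not part of the original page or of any vendor tooling). The event fields (method, path, body, cookie, response) and the tag names are assumptions about a local log schema, and the sample events are constructed.

```python
import re
from urllib.parse import parse_qs

# Both base paths the page lists for the vulnerable script.
SCRIPT_RE = re.compile(
    r"^/(?:umotion|smartdomuspad)/modules/reporting/track_import_export\.php$", re.I)
SQLI_RE = re.compile(r"'|\border\s+by\b|--", re.I)  # quote, ORDER BY, SQL comment
CMD_RE = re.compile(r"[`;]")                         # backtick, semicolon
FOREACH_ERR = "Invalid argument supplied for foreach"

def classify(event):
    """Return sorted finding tags for one HTTP event (dict schema is assumed)."""
    path = event["path"].split("?", 1)[0]
    if event["method"].upper() != "POST" or not SCRIPT_RE.match(path):
        return []
    # Decode the form body first so %27 or '+' cannot hide metacharacters.
    form = parse_qs(event.get("body", ""), keep_blank_values=True)
    values = form.get("object_id", [])
    tags = set()
    if any(SQLI_RE.search(v) for v in values):
        tags.add("sqli-metachar")
    if any(CMD_RE.search(v) for v in values):
        tags.add("cmd-metachar")
    if tags and not event.get("cookie"):
        tags.add("no-session")     # request carried no Cookie header
    if tags and FOREACH_ERR in event.get("response", ""):
        tags.add("foreach-error")  # error text the page ties to ORDER BY probing
    return sorted(tags)

P = "/modules/reporting/track_import_export.php"
Q = "op=export&language=english&interval=1&object_id="
# Constructed sample events, not captured traffic.
SAMPLES = [
    {"method": "POST", "path": "/umotion" + P, "cookie": "",
     "body": Q + "1' order by 2-- -",
     "response": "Warning: Invalid argument supplied for foreach()"},
    {"method": "POST", "path": "/smartdomuspad" + P, "cookie": "PHPSESSID=constructed",
     "body": Q + "1%27+ORDER+BY+1--+-", "response": ""},
    {"method": "POST", "path": "/umotion" + P, "cookie": "",
     "body": Q + "1%3B", "response": ""},
    {"method": "POST", "path": "/umotion" + P, "cookie": "", "body": Q + "42"},
    {"method": "GET", "path": "/umotion" + P, "cookie": "", "body": ""},
]

if __name__ == "__main__":
    for e in SAMPLES:
        print(e["method"], e["path"], classify(e))
```

Matching on the decoded object_id value rather than the raw body is what lets the second sample, which is URL-encoded, trigger the same tag as the literal payload in the first.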

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck | | 8.8 | HIGH |