CVE-2018-7768SQL Injection in U.motion Builder

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 44.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric U.motion BuilderSchneider Electric SE U.motion
Timeline
PublishedJul 3
Latest updateMay 14

Description

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5schneider_electric_se/u.motionU.motion Builder Software, all versions prior to v1.3.4

🔴Vulnerability Details

2
GHSA
GHSA-gg8c-ccfv-g3xx: The vulnerability exists within processing of loadtemplate2022-05-14
CVEList
CVE-2018-7768: The vulnerability exists within processing of loadtemplate2018-07-03
CVE-2018-7768 — SQL Injection in U.motion Builder | cvebase