CVE-2018-7770

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 47.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric U.motionSchneider Electric SE U.motion
Timeline
PublishedJul 3
Latest updateMay 13

Description

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5schneider_electric_se/u.motionU.motion Builder Software, all versions prior to v1.3.4

🔴Vulnerability Details

2
GHSA
GHSA-3q62-wpc2-x57g: The vulnerability exists within processing of sendmail2022-05-13
CVEList
CVE-2018-7770: The vulnerability exists within processing of sendmail2018-07-03
CVE-2018-7770 (MEDIUM CVSS 6.5) | The vulnerability exists within pro | cvebase.io