CVE-2018-7774

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 44.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric U.motion Builder Schneider Electric SE U.motion

Timeline

PublishedJul 3

Latest updateMay 14

Description

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDschneider-electric/u.motion_builder< 1.3.4

▶CVEListV5schneider_electric_se/u.motionU.motion Builder Software, all versions prior to v1.3.4

🔴Vulnerability Details

GHSA

GHSA-2q77-vqv7-52xc: The vulnerability exists within processing of localize↗2022-05-14

▶

CVEList

CVE-2018-7774: The vulnerability exists within processing of localize↗2018-07-03

▶