CVE-2017-7973 in U.motion Builderinformazioni

Riassunto

di MITRE

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

19/04/2017

Divulgazione

25/09/2017

Moderazione

accettato

Voce

VDB-107142

CPE

pronto

CWE

CWE-89 (confermato)

CVSS

9.8 (NVD)

EPSS

0.01472

KEV

Attività

molto basso

Settore

Industry, Energy, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-7973
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-7973
CVE Details	https://www.cvedetails.com/cve/CVE-2017-7973/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!