The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.

Related CVEs

CVE-2018-7770

Key Information

GHSA ID

GHSA-3q62-wpc2-x57g

Published

May 13, 2022 1:53 AM

Last Modified

May 13, 2022 1:53 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.