Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Schneider Electric SE

U.Motion

2 Versions 20 CVEs

Versions

U.motion Builder Versions 1.2.1 and prior.

OTHER 6 CVEs

U.motion Builder Software, all versions prior to v1.3.4

OTHER 14 CVEs

Recent CVEs

CVE-2018-7769

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

UNKNOWN Jul 03, 2018

CVE-2018-7767

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.

UNKNOWN Jul 03, 2018

CVE-2018-7766

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

UNKNOWN Jul 03, 2018

CVE-2018-7768

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

UNKNOWN Jul 03, 2018

CVE-2018-7764

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.

UNKNOWN Jul 03, 2018

CVE-2018-7774

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

UNKNOWN Jul 03, 2018

CVE-2018-7763

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.

UNKNOWN Jul 03, 2018

CVE-2018-7770

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.

UNKNOWN Jul 03, 2018

CVE-2018-7777

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

UNKNOWN Jul 03, 2018

CVE-2018-7773

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.

UNKNOWN Jul 03, 2018