CVE-2018-7773: SQL Injection
First published: Tue Jul 03 2018(Updated: )
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric U.motion Builder | <1.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-7773.
What software versions are affected by this vulnerability?
The vulnerability affects Schneider Electric U.motion Builder software versions prior to v1.3.4.
What is the severity of CVE-2018-7773?
The severity of CVE-2018-7773 is high with a CVSS score of 8.8.
What is the nature of the vulnerability in Schneider Electric U.motion Builder?
The vulnerability in Schneider Electric U.motion Builder is a SQL injection vulnerability in the nfcserver.php file.
How can I fix CVE-2018-7773?
To fix CVE-2018-7773, you should update Schneider Electric U.motion Builder to version 1.3.4 or later.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric u.motion builder