|
|||
Rule General Information |
---|
Release Date: | 2017-09-01 | |
Rule Name: | Schneider Electric U.motion Builder track_import_export.php SQL Injection Vulnerability (CVE-2017-7973) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | |
Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows, Linux | |
Reference: | CVE-2017-7973 |
|
Solutions |
---|
Upgrading to 1.2.1 later version to resolve the problem. |