HTTP:Schneider Electric U.motion Builder loadtemplate.php SQL Injection
This signature detects attempts to exploit a known vulnerability against Schneider Electric U.motion Builder loadtemplate.php. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
Affected Products
Schneider-electric u.motion_builder
Short Name
HTTP:SQL:INJ:SE-UMTN-LDTEMP-PHP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Builder CVE-2017-7973 Electric Injection SQL Schneider U.motion loadtemplate.php
Release Date
12/29/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3558
False Positive
Unknown
Vendors
Schneider-electric
CVSS Score
7.5