PT-2018-18267 · Schneider Electric · U.Motion Builder

Publicado

2018-07-03

·

Atualizado

2019-10-03

·

CVE-2018-7770

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Schneider Electric U.motion Builder versions prior to 1.3.4
Description: The issue exists in the processing of sendmail.php, allowing callers to select arbitrary files to send to any email address.
Recommendations: For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2018-7770

Produtos afetados

U.Motion Builder