CVE-2018-7777

Name of the Vulnerable Software and Affected Versions U.motion Builder versions prior to 1.3.4

Description The issue is due to insufficient handling of the update file request parameter on the update module.php script in the U.motion Builder software. This allows a remote, authenticated attacker to exploit the vulnerability by sending a specially crafted request to the server, potentially enabling the execution of arbitrary code.

Recommendations For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the update module.php script to minimize the risk of exploitation. Avoid using the update file parameter in the affected API endpoint until the issue is resolved.