PT-2018-18267 · Schneider Electric · U.Motion Builder

Published

2018-07-03

·

Updated

2019-10-03

·

CVE-2018-7770

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Schneider Electric U.motion Builder versions prior to 1.3.4
Description: The issue exists in the processing of sendmail.php, allowing callers to select arbitrary files to send to any email address.
Recommendations: For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-7770

Affected Products

U.Motion Builder