SQL Injection Vulnerability in Schneider Electric U.motion Builder Software

SQL Injection Vulnerability in Schneider Electric U.motion Builder Software

CVE-2017-7973 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.