2017-09-25 19:00:00
schneider
PUBLISHED
A SQL injection vulnerability exists in Schneider Electrics U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.