SQL Injection Vulnerability in MOVEit Transfer Web Application by Progress
CVE-2021-33894
8.8HIGH
What is CVE-2021-33894?
A SQL injection vulnerability is present in the MOVEit Transfer web application, specifically within SILUtility.vb. This issue allows authenticated attackers to gain unauthorized access to the underlying database. Depending on the database engine utilized (such as MySQL, Microsoft SQL Server, or Azure SQL), attackers may exploit this vulnerability to infer sensitive information regarding the database structure and contents. They may also execute unauthorized SQL commands, potentially leading to unauthorized alterations or deletions of critical database elements.