SQL Injection Vulnerability in MOVEit Transfer by Progress
CVE-2021-38159
9.8 CRITICAL
What is CVE-2021-38159?
Various versions of MOVEit Transfer prior to 2021.0.4 contain an SQL injection vulnerability in the web application that unauthenticated remote attackers can exploit. By sending crafted strings to unique MOVEit Transfer transaction types, attackers could retrieve sensitive information about the database's structure and contents, or potentially execute commands that alter or delete database elements. This vulnerability underscores the importance of updating to the latest security fixes to mitigate risks.