SQL Injection Vulnerabilities in MOVEit Transfer by Progress
CVE-2023-36932

8.1HIGH

Key Information:

Vendor: Progress
Status: Moveit Transfer
Vendor: CVE Published:; 5 July 2023

Summary

Multiple SQL injection vulnerabilities exist in the MOVEit Transfer web application prior to version 2020.1.11. An authenticated attacker could exploit these vulnerabilities by submitting specially crafted payloads to the application endpoints. This could potentially allow unauthorized access to the MOVEit Transfer database, enabling attackers to modify or disclose sensitive database content.

References

https://www.progress.com/moveit

https://community.progress.com/s/article/MOVEit-Transfer-...

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 28, 2023