SQL Injection Vulnerability in Progress MOVEit Transfer
CVE-2023-36934

9.1CRITICAL

Key Information:

Vendor: Progress
Status: Moveit Transfer
Vendor: CVE Published:; 5 July 2023

Summary

A SQL injection vulnerability has been discovered in the MOVEit Transfer web application. This flaw allows an unauthenticated attacker to exploit certain application endpoints, potentially leading to unauthorized access and manipulation of the MOVEit Transfer database. Attackers can craft specific payloads that may result in both the modification and disclosure of sensitive database content, posing significant risks to data integrity and confidentiality.

References

https://www.progress.com/moveit

https://community.progress.com/s/article/MOVEit-Transfer-...

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 28, 2023