CVE-2023-36932: SQL Injection in MOVEit Transfer

CWE-89: SQL Injection | 3 documents | 3 sources
Severity: 8.1 HIGH (NVD)
EPSS: 15.7% (top 5.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 5

Description

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (1 package)

NVD | progress/moveit_transfer | 2021.0 | 2021.0.9 | +5

Vulnerability Details (2)

CVEList | CVE-2023-36932: In Progress MOVEit Transfer before 2020 | 2023-07-05
GHSA | GHSA-hfhw-g83v-2357: In Progress MOVEit Transfer before 2020 | 2023-07-05