CVE-2023-42660: SQL Injection in Software Corporation MOVEit Transfer

CWE-89: SQL Injection | 3 documents | 3 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 30.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 20

Description

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | progress/moveit_transfer | 2022.0.0 | 2022.0.8 | +3
CVEListV5 | progress_software_corporation/moveit_transfer | 2023.0.0 (15.0.0) | 2023.0.6 (15.0.6) | +3

Vulnerability Details (2)

GHSA | GHSA-fj85-rvr5-wpxv: In Progress MOVEit Transfer versions released before 2021 | 2023-09-20
CVEList | MOVEit Transfer Machine Interface SQL Injection | 2023-09-20