cbcvebase.
CVE-2023-42660
published 2023-09-20

Priority: P3 53
Severity: high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.58% (43.2th percentile)

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | moveit_transfer | < 2021.1.8 | 2021.1.8 |
| progress | moveit_transfer | >= 2022.0.0 < 2022.0.8 | 2022.0.8 |
| progress | moveit_transfer | >= 2022.1.0 < 2022.1.9 | 2022.1.9 |
| progress | moveit_transfer | >= 2023.0.0 < 2023.0.6 | 2023.0.6 |
| progress_software_corporation | moveit_transfer | >= 2021.1.0 (13.1.0) < 2021.1.8 (13.1.8) | 2021.1.8 (13.1.8) |
| progress_software_corporation | moveit_transfer | >= 2022.0.0 (14.0.0) < 2022.0.8 (14.0.8) | 2022.0.8 (14.0.8) |
| progress_software_corporation | moveit_transfer | >= 2022.1.0 (14.1.0) < 2022.1.9 (14.1.9) | 2022.1.9 (14.1.9) |
| progress_software_corporation | moveit_transfer | >= 2023.0.0 (15.0.0) < 2023.0.6 (15.0.6) | 2023.0.6 (15.0.6) |