Sql injection

2023-06-1604:15:00

PRIOn knowledge base

www.prio-n.com

moveit transfer

web application

sql injection

vulnerability

unauthorized access

database

dll drop-in

nvd

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).

CPENameOperatorVersion
moveit_transferlt2020.1.10
moveit_transferge2021.0.6
moveit_transferlt2021.0.8
moveit_transferge2021.1.4
moveit_transferlt2021.1.6
moveit_transferge2022.0.4
moveit_transferlt2022.0.6
moveit_transferge2022.1.5
moveit_transferlt2022.1.7
moveit_transferge2023.0.1

Name	Operator	Version
moveit_transfer	lt	2020.1.10
moveit_transfer	ge	2021.0.6
moveit_transfer	lt	2021.0.8
moveit_transfer	ge	2021.1.4
moveit_transfer	lt	2021.1.6
moveit_transfer	ge	2022.0.4
moveit_transfer	lt	2022.0.6
moveit_transfer	ge	2022.1.5
moveit_transfer	lt	2022.1.7
moveit_transfer	ge	2023.0.1