Sql injection

2023-07-0516:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

moveit transfer

web application

vulnerability

authenticated attacker

unauthorized access

database modification

disclosure

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CPENameOperatorVersion
moveit_transferlt2020.1.11
moveit_transferge2023.0.0
moveit_transferlt2023.0.4
moveit_transferge2022.1.0
moveit_transferlt2022.1.8
moveit_transferge2022.0.0
moveit_transferlt2022.0.7
moveit_transferge2021.1.0
moveit_transferlt2021.1.7
moveit_transferge2021.0

Name	Operator	Version
moveit_transfer	lt	2020.1.11
moveit_transfer	ge	2023.0.0
moveit_transfer	lt	2023.0.4
moveit_transfer	ge	2022.1.0
moveit_transfer	lt	2022.1.8
moveit_transfer	ge	2022.0.0
moveit_transfer	lt	2022.0.7
moveit_transfer	ge	2021.1.0
moveit_transfer	lt	2021.1.7
moveit_transfer	ge	2021.0