Sql injection

2023-07-0516:15:00

PRIOn knowledge base

www.prio-n.com

moveit transfer

sql injection

web application

unauthorized access

vulnerability

9.3 High

AI Score

Confidence

High

0.153 Low

EPSS

Percentile

95.9%

JSON

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CPENameOperatorVersion
moveit_transferge15.0.0
moveit_transferlt15.0.4
moveit_transferge14.1.0
moveit_transferlt14.1.8
moveit_transferge14.0.0
moveit_transferlt14.0.7
moveit_transferge13.1.0
moveit_transferlt13.1.7
moveit_transferge13.0.0
moveit_transferlt13.0.9

Name	Operator	Version
moveit_transfer	ge	15.0.0
moveit_transfer	lt	15.0.4
moveit_transfer	ge	14.1.0
moveit_transfer	lt	14.1.8
moveit_transfer	ge	14.0.0
moveit_transfer	lt	14.0.7
moveit_transfer	ge	13.1.0
moveit_transfer	lt	13.1.7
moveit_transfer	ge	13.0.0
moveit_transfer	lt	13.0.9