← back
CVE-2023-36934

CVE-2023-36934

EPSS 94.8%
Vexday Risk Score
40Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 94.8%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
05 Jul 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023https://www.progress.com/moveit