SQL Injection in MOVEit Transfer (15.0.4) enabling unauth DB access: CVE-2023-36934 July 2023

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

Products Associated with CVE-2023-36934

Want to know whenever a new CVE is published for Progress Moveit Transfer? stack.watch will email you.

Exploit Probability

EPSS

91.53%

Percentile

99.66%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SQL Injection in MOVEit Transfer (15.0.4) enabling unauth DB accessCVE-2023-36934 Published on July 5, 2023

Products Associated with CVE-2023-36934

Exploit Probability

SQL Injection in MOVEit Transfer (15.0.4) enabling unauth DB access
CVE-2023-36934 Published on July 5, 2023