Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) - CVE-2023-36934 - Vulnerability Database
MOVEit Transfer

MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) - CVE-2023-36934

Critical
Reference: CVE-2023-36934
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-36934
Title: MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Overview:

In Progress MOVEit Transfer before 2020.1.11 (12.1.11) 2021.0.9 (13.0.9) 2021.1.7 (13.1.7) 2022.0.7 (14.0.7) 2022.1.8 (14.1.8) and 2023.0.4 (15.0.4) a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.