Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-35036 - Vulnerability Database
MOVEit Transfer

MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-35036

Critical
Reference: CVE-2023-35036
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-35036
Title: MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

In Progress MOVEit Transfer before 2021.0.7 (13.0.7) 2021.1.5 (13.1.5) 2022.0.5 (14.0.5) 2022.1.6 (14.1.6) and 2023.0.2 (15.0.2) SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer39s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.