Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-36932 - Vulnerability Database
MOVEit Transfer

MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-36932

High
Reference: CVE-2023-36932
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-36932
Title: MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

In Progress MOVEit Transfer before 2020.1.11 (12.1.11) 2021.0.9 (13.0.9) 2021.1.7 (13.1.7) 2022.0.7 (14.0.7) 2022.1.8 (14.1.8) and 2023.0.4 (15.0.4) multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.