Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-40043 - Vulnerability Database
MOVEit Transfer

MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-40043

High
Reference: CVE-2023-40043
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-40043
Title: MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) 2022.0.8 (14.0.8) 2022.1.9 (14.1.9) 2023.0.6 (15.0.6) a SQL injection vulnerability has been identified in the MOVEit Transfer web interfacethat could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. AMOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.