Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-42660 - Vulnerability Database
MOVEit Transfer

MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2023-42660

High
Reference: CVE-2023-42660
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-42660
Title: MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) 2022.0.8 (14.0.8) 2022.1.9 (14.1.9) 2023.0.6 (15.0.6) a SQL injection vulnerability has been identified in the MOVEit Transfer machine interfacethat could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.