CVE-2023-34362Progress MOVEit Transfer SQL Injection Vulnerability

PUBLISHEDvulnerability record
2023-06-02 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2023-34362
项目:
Progress
产品:
MOVEit Transfer
添加日期:
2023-06-02
到期日:
2023-06-23
最后更新:
June 21, 2025

漏洞名称

Progress MOVEit Transfer SQL Injection Vulnerability

描述

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

已知用于勒索软件活动吗?

勒索软件状态:
KNOWN

采集行动

Apply updates per vendor instructions.

其他说明

相关新闻文章

相关 CWE