vulnerability
Progress MOVEit Transfer: CVE-2023-36934: Improper Neutralization of Special Elements used in an SQL Command
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Jul 5, 2023 | Jul 7, 2023 | Feb 11, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Jul 5, 2023
Added
Jul 7, 2023
Modified
Feb 11, 2026
Description
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Solution
progress-moveit-transfer-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.