| Reporter | Title | Published | Views | Family All 83 |
|---|---|---|---|---|
| Exploit for SQL Injection in Progress Moveit_Cloud | 9 Jul 202318:44 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 9 Jun 202319:07 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 6 Jun 202618:25 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 28 Jun 202417:13 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 31 Aug 202313:25 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 6 May 202600:17 | – | githubexploit | |
| Exploit for Improper Input Validation in Lexmark Cxtpc_Firmware | 7 Aug 202320:55 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 28 Jul 202505:55 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 21 Jan 202605:03 | – | githubexploit | |
| Exploit for SQL Injection in Progress Moveit_Cloud | 16 Jun 202300:39 | – | githubexploit |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| grant_type | request body | api/v1/token | MOVEit Transfer API token endpoint vulnerable to SQL injection via login flow in exploit; parameterized inputs may be unsafely processed leading to SQLi. | CWE-89 |
| username | request body | api/v1/token | MOVEit Transfer API token endpoint vulnerable to SQL injection via login flow in exploit; parameterized inputs may be unsafely processed leading to SQLi. | CWE-89 |
| password | request body | api/v1/token | MOVEit Transfer API token endpoint vulnerable to SQL injection via login flow in exploit; parameterized inputs may be unsafely processed leading to SQLi. | CWE-89 |
| Authorization | header | api/v1/folders | Directory listing via API may be used in conjunction with SQLi in folder/file upload flows to reach backend data; requires token in header. | CWE-89 |
| id | path / query param | api/v1/folders/{id}/files?uploadType=resumable | Resumable file upload endpoint used in exploit to stage a payload; potential SQLi/vector through path param and query string. | CWE-89 |
| uploadType | path / query param | api/v1/folders/{id}/files?uploadType=resumable | Resumable file upload endpoint used in exploit to stage a payload; potential SQLi/vector through path param and query string. | CWE-89 |
| fileId | path | api/v1/files/{fileId} | Access to file resource; used in exploit to leak encryption key and trigger deserialization gadget; parameter is vulnerable to injection in some flows. | CWE-89 |
| Transaction | body | guestaccess.aspx | Guest access flow used to achieve CSRF and SQLi payload delivery; vulnerable through POST body parameters. | CWE-89 |
| Arg06 | body | guestaccess.aspx | Guest access flow used to achieve CSRF and SQLi payload delivery; vulnerable through POST body parameters. | CWE-89 |
| Arg12 | body | guestaccess.aspx | Guest access flow used to achieve CSRF and SQLi payload delivery; vulnerable through POST body parameters. | CWE-89 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation