4 matches found
Palantir Public: SQL Injection at https://files.palantir.com/ due to CVE-2021-38159
A vulnerability was discovered in an Internet-facing asset files.palantir.com. A proof of concept POC was developed and used to validate the finding. The vulnerability was patched and resolved. Blog about this vulnerability published. You can read full detail here:...
CVE-2021-38159
creationtimestamp| type| source ---|---|--- 2021-08-07 20:34:33+00:00| seen| https://t.me/cibsecurity/26967 2022-04-05 13:51:54+00:00| published-proof-of-concept| https://t.me/ctinow/49716...
CVE-2021-38159
In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...
CVE-2021-38159
CVE-2021-38159 affects Progress MOVEit Transfer web applications; versions before 2021.0.4 (13.0.4) are vulnerable to unauthenticated SQL injection. An attacker could access the backend database, potentially inferring schema/data or executing statements that alter or delete elements, with impact ...