17 matches found
CVE-2023-34362
MOVEit Transfer CVE-2023-34362 is a SQL injection vulnerability in the MOVEit Transfer web app that allows an unauthenticated attacker to access MOVEit databases. Affected versions include 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), with all ...
CVE-2023-35036
MOVEit Transfer is affected by a SQL injection vulnerability in its web application. Connected sources confirm an unauthenticated attacker could modify and disclose MOVEit’s database content due to how SQL queries are constructed. Affected versions include pre-2021.0.7 (13.0.7), 2021.1.5 (13.1.5)...
CVE-2023-35708
MOVEit Transfer is affected by a SQL injection in the web application that can allow an unauthenticated attacker to modify and disclose MOVEit’s database content. Affected versions include 2020.1.10 (12.1.10) and 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023...
CVE-2023-36934
MOVEit Transfer web application (versions 12.1.11, 13.0.9, 13.1.7, 14.0.7, 14.1.8, 15.0.4 and earlier) is affected by a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit database by sending a crafted payload to an application endpoi...
CVE-2021-38159
CVE-2021-38159 affects Progress MOVEit Transfer web applications; versions before 2021.0.4 (13.0.4) are vulnerable to unauthenticated SQL injection. An attacker could access the backend database, potentially inferring schema/data or executing statements that alter or delete elements, with impact ...
CVE-2023-40043
CVE-2023-40043 affects Progress MOVEit Transfer: a SQL injection in the web interface could let a MOVEit system administrator submit a crafted payload to modify and disclose database content. Affected are MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14....
CVE-2023-36932
MOVEit Transfer contains CVE-2023-36932, a SQL injection vulnerability in the web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database by submitting crafted payloads to an application endpoint. Affected versions include pre-2020.1.11 (...
CVE-2023-42660
CVE-2023-42660 affects Progress MOVEit Transfer: a SQL injection in the MOVEit Transfer machine interface (web/machine interface) in versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6) could let an authenticated attacker gain unauthorized access to ...
CVE-2024-2291
CVE-2024-2291 (MOVEit Transfer) is a logging bypass vulnerability affecting MOVEit Transfer versions prior to 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), and 2023.1.4 (15.1.4). An authenticated user can manipulate a request to bypass the web application’s logging mechanism, causi...
CVE-2023-36933
CVE-2023-36933 affects Progress MOVEit Transfer: an attacker could invoke a method that triggers an unhandled exception, causing the MOVEit Transfer application to terminate. Affected versions include pre-2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15...
CVE-2024-0396
CVE-2024-0396 affects Progress MOVEit Transfer. An authenticated user can manipulate a parameter in an HTTPS transaction, causing computational errors and potentially a denial of service. Affected versions include those before 2022.0.10 (14.0.10), before 2022.1.11 (14.1.11), before 2023.0.8 (15.0.8), a...
CVE-2021-33894
MOVEit Transfer contains a SQL injection vulnerability in SILUtility.vb within MOVEit.DMZ.WebApp affecting multiple release lines (2019.x, 2020.x, 2021.x up to 2021.0.1). An authenticated attacker could access the database, and depending on the engine (MySQL, Microsoft SQL Server, or Azure SQL) p...
CVE-2021-31827
CVE-2021-31827 affects MOVEit Transfer (DMZ) up to version 2020.1 (12.1.1.116). The vulnerability is a SQL injection in MOVEit.DMZ.WebApp’s SILHuman.vb (FolderApplySettingsRecurs path) that requires authentication and can allow an attacker to access the MOVEit Transfer database, infer schema/cont...
CVE-2020-28647
MOVEit Transfer (pre-2020.1) is affected by a stored XSS vulnerability: a malicious payload crafted by an attacker can be stored in the app and, when a user interacts with it, execute arbitrary code in the victim’s browser. Public advisories and a GitHub exploit example describe the existence of ...
CVE-2021-37614
In Progress MOVEit Transfer, a SQL injection vulnerability exists in the MOVEit Transfer web application for certain versions prior to 2021.0.3 (13.0.3). An authenticated remote attacker could potentially access the backend database, with the impact depending on the database engine (MySQL, Micros...
CVE-2023-42656
CVE-2023-42656 affects MOVEit Transfer prior to 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), and 2023.0.6 (15.0.6). The issue is a reflected cross-site scripting (XSS) vulnerability in MOVEit Transfer’s web interface. An attacker could craft a malicious payload during the package comp...
CVE-2025-13147
CVE-2025-13147 concerns Progress MOVEit Transfer. A server-side request forgery (SSRF) vulnerability exists in MOVEit Transfer core handling, affecting versions before 2024.1.8 and versions from 2025.0.0 up to, but not including, 2025.0.4. The issue allows an attacker to cause the server to make unauthorized requests, potentially accessing...