CVE-2023-34362 – MOVEit SQL Injection

Jun 5, 2023

A SQL injection vulnerability has been identified in Progress MOVEit Transfer. This vulnerability has the potential to enable unauthorized access to the database by an unauthenticated attacker. The severity of the breach varies based on the specific database engine being utilized (such as MySQL, Microsoft SQL Server, or Azure SQL). Exploiting this vulnerability could lead to the exposure of sensitive database information, as well as the execution of SQL commands that modify or remove elements within the database.

Information on mitigations and workaround have been made available by Progress on the reference below:

Reference

Related Posts

Zyxel CVE-2023-28771 – Command Injection

Advantech WebAccess/SCADA Advisory

Exploited in the wild: Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)