Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Software MOVEit Transfer SQL注入漏洞
Vulnerability Description
Progress Software MOVEit Transfer是美国Progress Software公司的一套自动化的文件传输软件。该软件支持文件传输,并提供文件传输活动监控功能。 Progress Software MOVEit Transfer 10.2.6 (2018.3)之前的10.2版本、11.0.4 (2019.0.4)之前的11.0版本和11.1.3 (2019.1.3)之前的11.1版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞
CVSS Information
N/A
Vulnerability Type
N/A