Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Software MOVEit Transfer SQL注入漏洞
Vulnerability Description
Progress Software MOVEit Transfer是美国Progress Software公司的一套文件传输软件。 Progress Software MOVEit Transfer 2019.1.4之前的2019.1版本和2019.2.1之前的2019.2版本中的REST API存在SQL注入漏洞。攻击者可利用该漏洞访问MOVEit Transfer数据库,并可能推测出数据库的结构和内容,执行SQL语句。
CVSS Information
N/A
Vulnerability Type
N/A