Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7), 2019.1.6 (11.1.6), 2019.2.3 (11.2.3), 2020.0.6 (12.0.6), 2020.1.5 (12.1.5), and 2021.0.3 (13.0.3).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Software MOVEit Transfer SQL注入漏洞
Vulnerability Description
Progress Software MOVEit Transfer是美国Progress Software公司的一套文件传输软件。 Progress Software MOVEit Transfer 存在SQL注入漏洞,该漏洞源于 MOVEit Transfer web application 中的 SQL 注入可能允许经过身份验证的远程攻击者访问数据库。
CVSS Information
N/A
Vulnerability Type
N/A