Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Software MOVEit Transfer SQL注入漏洞
Vulnerability Description
Progress Software MOVEit Transfer是美国Progress Software公司的一套文件传输软件。 Progress MOVEit Transfer存在SQL注入漏洞,该漏洞允许未经身份验证的远程攻击者可利用该漏洞获得对数据库的访问。根据使用的数据库引擎(MySQL, Microsoft SQL Server,或Azure SQL),攻击者可利用该漏洞可能能够推断有关数据库的结构和内容的信息,或执行SQL语句,修改或删除数据库元素,通过手工字符串发送到唯一的MOVEit T
CVSS Information
N/A
Vulnerability Type
N/A