← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-34362 — Actively Exploited: MOVEit Transfer (Progress)

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structur

CVE IDCVE-2023-34362
VendorProgress
ProductMOVEit Transfer
Vulnerability nameProgress MOVEit Transfer SQL Injection Vulnerability
Date added2023-06-02
Remediation due2023-06-23
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionProgress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alte
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →