CVE-2021-38159
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-38159
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Progress Software MOVEit Transfer SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Progress Software MOVEit Transfer是美国Progress Software公司的一套文件传输软件。 Progress MOVEit Transfer存在SQL注入漏洞,该漏洞允许未经身份验证的远程攻击者可利用该漏洞获得对数据库的访问。根据使用的数据库引擎(MySQL, Microsoft SQL Server,或Azure SQL),攻击者可利用该漏洞可能能够推断有关数据库的结构和内容的信息,或执行SQL语句,修改或删除数据库元素,通过手工字符串发送到唯一的MOVEit T
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2021-38159
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-38159
请登录查看更多情报信息。
- MOVEit Secure Managed File Transfer Software | Progressx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-38159
Same Patch Batch · n/a · 2021-08-07 · 12 CVEs total
| CVE-2021-38173 | btrbk 命令注入漏洞 | |
| CVE-2021-38168 | Roxy-WI SQL注入漏洞 | |
| CVE-2021-38169 | Roxy-WI 命令注入漏洞 | |
| CVE-2021-38167 | Roxy-WI SQL注入漏洞 | |
| CVE-2021-38166 | Linux kernel 输入验证错误漏洞 | |
| CVE-2021-38165 | Lynx 安全漏洞 | |
| CVE-2021-29923 | Google Golang 安全漏洞 | |
| CVE-2021-38160 | Linux kernel 安全漏洞 | |
| CVE-2021-38148 | Obsidian 安全漏洞 | |
| CVE-2021-29922 | Rust 安全漏洞 | |
| CVE-2021-38185 | cpio 输入验证错误漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2021-38159
No comments yet