CVE-2023-40043— MOVEit Transfer System Administrator SQL Injection

CVSS 7.2 · High EPSS 0.47% · P65 Updated Feb 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-40043

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

MOVEit Transfer System Administrator SQL Injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Progress MOVEit Transfer SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Progress MOVEit Transfer是Progress公司的一款安全的托管文件传输应用程序。 Progress MOVEit Transfer 存在安全漏洞。攻击者利用该漏洞导致 MOVEit 数据库内容的修改和泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Progress Software Corporation	MOVEit Transfer	2023.0.0 (15.0.0) ~ 2023.0.6 (15.0.6)	-

II. Public POCs for CVE-2023-40043

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-40043

请登录查看更多情报信息。

Same Patch Batch · Progress Software Corporation · 2023-09-20 · 3 CVEs total

CVE-2023-42660	8.8 HIGH	MOVEit Transfer Machine Interface SQL Injection
CVE-2023-42656	6.1 MEDIUM	MOVEit Transfer Reflected XSS

IV. Related Vulnerabilities

Same product: MOVEit Transfer

Same vendor: Progress Software Corporation

Same weakness: CWE-89

V. Comments for CVE-2023-40043

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-40043— MOVEit Transfer System Administrator SQL Injection

I. Basic Information for CVE-2023-40043

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-40043

III. Intelligence Information for CVE-2023-40043

Same Patch Batch · Progress Software Corporation · 2023-09-20 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-40043

Leave a comment