module
MOVEit SQL Injection vulnerability
| Disclosed |
|---|
| May 31, 2023 |
Disclosed
May 31, 2023
Description
This module exploits an SQL injection vulnerability in the MOVEit Transfer web application
that allows an unauthenticated attacker to gain access to MOVEit Transfer's database.
Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an
attacker can leverage an information leak be able to upload a .NET deserialization payload.
that allows an unauthenticated attacker to gain access to MOVEit Transfer's database.
Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an
attacker can leverage an information leak be able to upload a .NET deserialization payload.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.