vulnerability

Progress MOVEit Transfer: CVE-2023-36934: SQL injection vulnerability in MOVEit Transfer web application

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:N)	Jul 6, 2023	Jul 7, 2023	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:N)

Published

Jul 6, 2023

Added

Jul 7, 2023

Modified

Nov 27, 2025

Description

A SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.

Solution

progress-moveit-transfer-upgrade-latest

References

CWE-89
CVE-2023-36934
https://attackerkb.com/topics/CVE-2023-36934
URL-https://community.progress.com/s/article/ka74Q000000L9ShQAK

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today