vulnerability
Progress MOVEit Transfer: CVE-2023-40043: Improper Neutralization of Special Elements used in an SQL Command
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Sep 20, 2023 | Dec 13, 2024 | Feb 11, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Sep 20, 2023
Added
Dec 13, 2024
Modified
Feb 11, 2026
Description
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator
could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.
could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.
Solution
progress-moveit-transfer-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.