vulnerability

Progress MOVEit Transfer: CVE-2023-42660: Improper Neutralization of Special Elements used in an SQL Command

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Sep 20, 2023	Dec 13, 2024	Feb 11, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Sep 20, 2023

Added

Dec 13, 2024

Modified

Feb 11, 2026

Description

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.

Solution

progress-moveit-transfer-upgrade-latest

References

CVE-2023-42660
https://attackerkb.com/topics/CVE-2023-42660
URL-https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
URL-https://www.progress.com/moveit
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today