Sep 21 2023

MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database

Category: Authentication,data securitydisc7 @ 9:17 am

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High).

Progress-owned MOVEit transfer was popularly exploited by threat actors who attacked several organizations as part of a ransomware campaign. The organizations previously reported to be affected by MOVEit vulnerability include ShellBBC, British AirwaysCalPERSHoneywell, and US government agencies.

CVE-2023-42660: MOVEit Transfer SQL Injection

This SQL injection vulnerability was discovered on the MOVEit Transfer machine interface, which could lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer machine interface. 

Successful exploitation could result in the modification and disclosure of MOVEit database content. However, a threat actor must be authenticated to exploit this vulnerability. Progress has given the severity of this vulnerability as 8.8 (High).

Products affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. Users are recommended to upgrade to the September Service Pack to fix this vulnerability.

CVE-2023-40043: MOVEit Transfer SQL Injection

This other SQL injection vulnerability exists in the MOVEit Transfer web interface, which could possibly lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer web interface.

Successful exploitation could result in the modification and disclosure of MOVEit database content. The prerequisite for a threat actor to exploit this vulnerability includes access to a MOVEit system administrator account. Progress has given the severity of this vulnerability as 7.2 (High).

Products that are affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to the September Service Pack and limit sysadmin account access.

CVE-2023-42656: MOVEit Transfer Reflected XSS

This Reflected XSS vulnerability was found in the MOVEit Transfer’s web interface, which a malicious payload can exploit during the package composition procedure. A threat could craft a malicious payload and target MOVEit Transfer users. When interacting with the payload, the threat actor can execute malicious JavaScript on the victim’s browser.

Progress has given the severity of this vulnerability as 6.1 (Medium). Products affected due to this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to September Service Pack and limit sysadmin account access.

A comprehensive list of vulnerable product versions, documentation, release notes, and fixed versions has been given below.

Affected VersionFixed Version (Full Installer)DocumentationRelease Notes
MOVEit Transfer 2023.0.x (15.0.x)MOVEit Transfer 2023.0.6 (15.0.6)MOVEit 2023 Upgrade Documentation   MOVEit Transfer 2023.0.6 Release Notes
MOVEit Transfer 2022.1.x (14.1.x)MOVEit Transfer 2022.1.9 (14.1.9)MOVEit 2022 Upgrade Documentation  MOVEit Transfer 2022.1.9 Release Notes
MOVEit Transfer 2022.0.x (14.0.x)MOVEit Transfer 2022.0.8 (14.0.8)MOVEit 2022 Upgrade Documentation  MOVEit Transfer 2022.0.8 Release Notes
MOVEit Transfer 2021.1.x (13.1.x)MOVEit Transfer 2021.1.8 (13.1.8)MOVEit 2021 Upgrade Documentation  MOVEit Transfer 2021.1.8 Release Notes
MOVEit Transfer 2021.0.x (13.0.x) or olderMust Upgrade to a Supported VersionSee MOVEit Transfer Upgrade and N/A
Migration Guide  

A security advisory has been released by Progress which includes a comprehensive list of the affected products and the vulnerabilities that have been identified.

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: MOVEit, SQL injection

Leave a Reply

You must be logged in to post a comment. Login now.