WRITEUP #933

CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability

SQL InjectionRCESecurity code review

by@glederfein(Guy Lederfein)

Program

Progress (MOVEit Transfer)

Published

Jul 20, 2023

Added to HackDex

Jul 24, 2023

Read Full Writeuphttps://www.zerodayinitiative.com/blog/2023/7/19/cve-2023-36934-progress-software-moveit-transfer-sql-injection-remote-code-execution-vulnerability

▸ RELATED WRITEUPS

Exploiting authorization by nonce in WordPress plugins

RCEArbitrary file upload

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Spip Preauth RCE 2024: Part 2, A Big Upload

RCEFile upload

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670

SQL InjectionReverse engineering

Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle

RCESecurity code review

Built with ❤️ by Shubham Rawat