CVE-2023-34362: MOVEit Transfer SQL Injection

Score: 9.8
CRITICAL
Published: 2023-05-31Affected: Progress MOVEit Transfer < 2023.0.1CWE-89 β†—

What was the MOVEit Transfer vulnerability?

A critical SQL injection vulnerability in MOVEit Transfer web application. Unauthenticated attackers can send crafted payloads to the MOVEit Transfer application endpoint to gain access to the database and execute arbitrary code.

Impact & Exploitation

Exploited by Cl0p ransomware group in a mass-exploitation campaign affecting 2,000+ organizations and 60+ million individuals including government agencies, banks, and healthcare providers.

Related Resources

πŸ” Related CWE Entries

πŸ“‹ OWASP Top 10

πŸ“– Security Guides

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-89
Published2023-05-31

Tags

sql-injectionransomwarefile-transferzero-day

Quick Links

Is your system affected?

Precogs AI detects MOVEit Transfer SQL Injection in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2023-34362 MOVEit Transfer SQL Injection don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo