SQL injection vulnerability in MOVEit Transfer - CVE-2020-8611
ID: oval:org.secpod.oval:def:96165 | Date: (C)2023-12-27 (M)2023-12-27
Class: VULNERABILITY | Family: windows
The host is installed with MOVEit Transfer 2019.1.x before 2019.1.4 (11.1.4) or 2019.2.x before 2019.2.1 (11.2.1) and is prone to a SQL injection vulnerability. A flaw is present in the application, which fails to properly handle REST API requests. Successful exploitation could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, in addition to executing SQL statements that alter or destroy database elements.
Platform:
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022