The host is installed with MOVEit Transfer 11.0 before 11.0.2, 11.1 before 11.1.1 or 10.2.0 before 10.2.4 and is prone to a SQL injection vulnerability. A flaw is present in the applications which fails to properly handle issues in database. Successful exploitation allow remote attackers to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements which alter or destroy database elements.