SQL injection vulnerabilities in MOVEit Transfer - CVE-2019-18464ID: oval:org.secpod.oval:def:92846 | Date: (C)2023-09-05 (M)2023-09-05 |
Class: VULNERABILITY | Family: windows |
The host is installed with MOVEit Transfer 11.1 before 11.1.3, 11.0 before 11.0.4 or 10.2.0 and less than 10.2.6 and is prone to a Multiple sql injection vulnerabilities vulnerability. A flaw is present in the applications which fails to properly handle issues in database. Successful exploitation allow remote attackers to to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements which alter or destroy database elements.
Platform: |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |