writeups.xyz / CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability

Submitter : c2a

Date: 20 July 2023

Bounty : undisclosed

Vulnerabilities :

• SQL Injection
• RCE
• Security Code Review

Programs :

• Progress (MOVEit Transfer)

Authors :

• Guy Lederfein (@Glederfein)
• Lucas Miller

Link :
https://www.zerodayinitiative.com/blog/2023/7/19/cve-2023-36934-progress-software-moveit-transfer-sql-injection-remote-code-execution-vulnerability