>_ 0dayNews
CVE Record
[ CRITICAL ] CVE-2023-34362

MOVEit Transfer SQL Injection Leading to Remote Code Execution

A SQL injection vulnerability in Progress Software's MOVEit Transfer web application allowed unauthenticated attackers to access the underlying database and, in many cases, deploy a web shell for remote code execution. Exploited at mass scale by the Clop ransomware group starting May 2023.

cat cve-2023-34362.json
Vendor: Progress Software
Product: MOVEit Transfer
CVSS: 9.8
Status: kev
Published:
CVE-2023-34362 is a SQL injection vulnerability in Progress Software’s MOVEit Transfer managed file-transfer product. Unauthenticated attackers could send crafted HTTP requests to the application’s web interface, gain access to the underlying database, and in many observed cases drop a web shell to achieve remote code execution.

The flaw was added to the CISA Known Exploited Vulnerabilities (KEV) catalog after the Clop ransomware group began exploiting it at scale beginning around May 27, 2023 — before a public patch existed, making it a true zero-day at the time of first exploitation. Progress Software disclosed and patched the issue on June 2, 2023.

Why it mattered

MOVEit Transfer is widely used by enterprises and government agencies to move sensitive files, including PII and financial records. The mass-exploitation campaign tied to this CVE became one of the largest single-vulnerability data-theft events of 2023, affecting hundreds of organizations and tens of millions of individuals whose data was exfiltrated before extortion demands were issued.

See CISA’s KEV catalog and Progress Software’s own advisory for remediation guidance and indicators of compromise.