Known Exploited Vulnerability
9.8
CRITICAL CVSS 3.1
CVE-2023-34362
Progress MOVEit Transfer SQL Injection Vulnerability - [Actively Exploited]
Description

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

INFO

Published Date :

June 2, 2023, 2:15 p.m.

Last Modified :

Dec. 20, 2024, 5:49 p.m.

Remotely Exploit :

Yes !
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

Required Action :

Apply updates per vendor instructions.

Notes :

This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023.; https://nvd.nist.gov/vuln/detail/CVE-2023-34362

Affected Products

The following products are affected by CVE-2023-34362 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Progress moveit_transfer
2 Progress moveit_cloud
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
This information is provided by the 3rd party feeds.
  • Upgrade to Progress MOVEit Transfer version 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, 2023.0.1, or later or apply the special patch for version 2020.1.x.
Public PoC/Exploit Available at Github

CVE-2023-34362 has a 44 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-34362 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 15, 2025, 9:07 a.m. This repo has been linked 310 different CVEs too.

None

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : July 31, 2025, 7:22 p.m. This repo has been linked 2 different CVEs too.

None

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : July 28, 2025, 12:43 p.m. This repo has been linked 2 different CVEs too.

Threat-Informed Detection & Mitigation Package for MOVEit Transfer Vulnerability

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : July 28, 2025, 5:55 a.m. This repo has been linked 1 different CVEs too.

Recon-focused toolkit (subdomain, CVE hunting)

Python

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : July 18, 2025, 7:47 a.m. This repo has been linked 10 different CVEs too.

None

Python

Updated: 1 month, 4 weeks ago
0 stars 0 fork 0 watcher
Born at : July 5, 2025, 11:18 p.m. This repo has been linked 1 different CVEs too.

OSINTIQ: AI-Powered SOC Intelligence Hub Open-source threat intelligence enriched by AI, built for SOC analysts.

Python C JavaScript CSS PowerShell Batchfile HTML Procfile

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : June 18, 2025, 8:53 p.m. This repo has been linked 1 different CVEs too.

A Model Context Protocol server providing CVE vulnerability information query capabilities. This server enables LLMs to query detailed information for specific CVE IDs, retrieving data from MITRE's CVE database.

Python

Updated: 2 months ago
1 stars 1 fork 1 watcher
Born at : May 9, 2025, 6:54 a.m. This repo has been linked 2 different CVEs too.

Config files for my GitHub profile.

config github-config

Updated: 6 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Feb. 8, 2025, 1:13 p.m. This repo has been linked 1 different CVEs too.

Repository for LogParser scripts and other goodies

Updated: 7 months ago
0 stars 0 fork 0 watcher
Born at : Feb. 1, 2025, 4:32 p.m. This repo has been linked 2 different CVEs too.

Repository for LogParser scripts and other goodies

Updated: 7 months ago
0 stars 0 fork 0 watcher
Born at : Feb. 1, 2025, 4:17 p.m. This repo has been linked 2 different CVEs too.

Writeup for MOVEit data breach

Updated: 7 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 22, 2025, 7:30 p.m. This repo has been linked 1 different CVEs too.

This repository investigates the exploitation of CVE-2023-34362 in the MOVEit file transfer server by the TA505 (Cl0p) ransomware group. It explores the group's tactics and past campaigns targeting file transfer applications, aiming to enhance understanding and defensive measures against such threats.

Updated: 1 year ago
0 stars 0 fork 0 watcher
Born at : July 4, 2024, 9:13 p.m. This repo has been linked 1 different CVEs too.

Modified RCE with a remote shell and logging

Ruby Lua

Updated: 1 year, 2 months ago
0 stars 0 fork 0 watcher
Born at : June 28, 2024, 5:13 p.m. This repo has been linked 1 different CVEs too.

Cybersecurity Breaches for Payment Industry (Billtrust & Fiserv)

Updated: 1 year, 7 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 24, 2024, 2:40 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-34362 vulnerability anywhere in the article.

  • Huntress
Ten Years of Resilience, Innovation & Community-Driven Defense

The world of cybersecurity has been a wild ride over the last decade. As attackers stepped up their game year over year, the security community responded and adapted with resilience and ingenuity to e ... Read more

Published Date: Aug 25, 2025 (1 week, 2 days ago)
  • The Register
Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks

Security experts have uncovered a hole in Cl0p's data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack. The vulnerability in the Python-based software, which wa ... Read more

Published Date: Jul 02, 2025 (2 months ago)
  • The Hacker News
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Network Security / Vulnerability Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting tha ... Read more

Published Date: Jun 27, 2025 (2 months, 1 week ago)
  • Cyber Security News
Surge in Attacks Targeting MOVEit Transfer Systems – 100+ Unique IPs Used by Attackers

Researchers observed a significant increase in malicious scanning activity targeting MOVEit Transfer systems observed with over 682 unique IP addresses participating in coordinated reconnaissance and ... Read more

Published Date: Jun 26, 2025 (2 months, 1 week ago)
  • Help Net Security
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing s ... Read more

Published Date: Mar 27, 2025 (5 months, 1 week ago)
  • Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Cl0p Ransomware Exploits Cleo Vulnerability, Threatens Data Leaks

SUMMARY Cleo Vulnerability Exploited: The Cl0p ransomware group claims to have exploited a critical vulnerability in Cleo’s managed file transfer software, targeting businesses globally. Data Leak Thr ... Read more

Published Date: Dec 16, 2024 (8 months, 2 weeks ago)
  • TheCyberThrone
Top 15 Most Exploited Vulnerabilities in 2023

In a joint cybersecurity advisory, the security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure ... Read more

Published Date: Nov 16, 2024 (9 months, 2 weeks ago)
  • SentinelOne
The State of Cloud Ransomware in 2024

Overview Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm. Cloud services inherently provide an advantage over endpoint and web server-based servic ... Read more

Published Date: Nov 14, 2024 (9 months, 2 weeks ago)
  • SentinelOne
The State of Cloud Ransomware in 2024

Overview Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm. Cloud services inherently provide an advantage over endpoint and web server-based servic ... Read more

Published Date: Nov 14, 2024 (9 months, 2 weeks ago)
  • SentinelOne
The State of Cloud Ransomware in 2024

Overview Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm. Cloud services inherently provide an advantage over endpoint and web server-based servic ... Read more

Published Date: Nov 14, 2024 (9 months, 2 weeks ago)
  • The Register
Five Eyes infosec agencies list 2024's most exploited software flaws

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have ... Read more

Published Date: Nov 14, 2024 (9 months, 2 weeks ago)
  • Cybersecurity News
2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory

In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2 ... Read more

Published Date: Nov 14, 2024 (9 months, 2 weeks ago)
  • AttackIQ
Response to CISA Advisory (AA24-317A): 2023 Top Routinely Exploited Vulnerabilities

On November 12, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA) providing details on the Common Vulnerabilities and Exposures (CVEs) routin ... Read more

Published Date: Nov 13, 2024 (9 months, 2 weeks ago)
  • The Cyber Express
Top 15 Exploited Cyber Vulnerabilities Revealed: Five Eyes Alliance Urges Immediate Patching

The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more

Published Date: Nov 13, 2024 (9 months, 3 weeks ago)
  • Dark Reading
Amazon Employee Data Compromised in MOVEit Breach

Source: Ian Dagnall via Alamy Stock PhotoAmazon has confirmed that its employees' data was exposed on a cybercrime forum due to the now-infamous MOVEit vulnerability.The vulnerability, tracked as CVE- ... Read more

Published Date: Nov 12, 2024 (9 months, 3 weeks ago)
  • BleepingComputer
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advis ... Read more

Published Date: Nov 12, 2024 (9 months, 3 weeks ago)
  • security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023

De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more

Published Date: Nov 12, 2024 (9 months, 3 weeks ago)
  • The Register
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability. "Amazon and AWS systems remain secure, and we have not experienced a security ... Read more

Published Date: Nov 12, 2024 (9 months, 3 weeks ago)
  • Help Net Security
Massive troves of Amazon, HSBC employee data leaked

A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May 2023 ... Read more

Published Date: Nov 12, 2024 (9 months, 3 weeks ago)
  • Palo Alto Networks Blog
Cloud Security — Maturing Past the Awkward Teenage Years

Nathaniel Quist – Cloud Security The genesis of cloud computing can be traced back to the 1960s concept of utility computing, but it came into its own with the launch of Amazon Web Services (AWS) in 2 ... Read more

Published Date: Oct 22, 2024 (10 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2023-34362 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Dec. 20, 2024

    Action Type Old Value New Value
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html
    Added Reference http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html
    Added Reference https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 03, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-89
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Modified Analysis by [email protected]

    Jun. 27, 2024

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html No Types Assigned http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
    Changed CPE Configuration OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (including) 2020.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0 up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2 OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jun. 23, 2023

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html [No Types Assigned]
  • Modified Analysis by [email protected]

    Jun. 20, 2023

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html No Types Assigned http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html Third Party Advisory, VDB Entry
  • CVE Modified by [email protected]

    Jun. 14, 2023

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html [No Types Assigned]
  • Initial Analysis by [email protected]

    Jun. 12, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 No Types Assigned https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Vendor Advisory
    Added CWE NIST CWE-89
    Added CPE Configuration OR *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 14.0.5.45 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 14.1.0.0 up to (excluding) 14.1.6.97 *cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* versions from (including) 15.0.0.0 up to (excluding) 15.0.2.39 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (including) 2020.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0 up to (excluding) 2021.0.7 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.0 up to (excluding) 2021.1.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.0 up to (excluding) 2022.0.5 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.1.0 up to (excluding) 2022.1.6 *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2023.0.0 up to (excluding) 2023.0.2
  • CVE Modified by [email protected]

    Jun. 05, 2023

    Action Type Old Value New Value
    Changed Description In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

94.31 }} -0.11%

score

0.99938

percentile