VDB
WID-SEC-W-2023-1351
WID-SEC-W-2023-1351
PUBLISHED
Progress MOVEit ist eine sichere Managed File Transfer (MFT)-Software, die Transparenz und Kontrolle über die Dateiübertragungsaktivitäten bietet.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress Software MOVEit < 2021.1.4 | ||
| Progress Software MOVEit < 2023.0.1 | ||
| Progress Software MOVEit < 2022.1.5 | ||
| Progress Software MOVEit < 2022.0.4 | ||
| Progress Software MOVEit < 2021.0.6 |
Exploit Intelligence
- horrister/moveit-transfer-cve-2023-34362 (github-poc-repo)
- horrister/moveit-transfer-cve-2023-34362 (github-poc)
- CVE-2023-34362: MOVEit Transfer Unauthenticated RCE (github-poc-repo)
- Modified RCE with a remote shell and logging (github-poc-repo)
- This repository investigates the exploitation of CVE-2023-34362 in the MOVEit file transfer server by the TA505 (Cl0p) ransomware group. It explores the group's tactics and past campaigns targeting file transfer applications, aiming to enhance understanding and defensive measures against such threats. (github-poc-repo)
- Threat-Informed Detection & Mitigation Package for MOVEit Transfer Vulnerability (github-poc-repo)
- MOVEit Transfer 2023 mass data breach (CVE-2023-34362) (github-poc-repo)
- Detailed analysis of the 2023 MOVEit Transfer data breach (CVE-2023-34362) for CS50 Cybersecurity. This project explores the technical impact of unauthenticated SQL Injection and its consequences for global data privacy, affecting 2,700+ organizations. Special thanks to Professor David J. Malan and the CS50 staff. (github-poc-repo)
- This repository contains an academic and technical analysis of CVE-2023-34362, a critical SQL injection vulnerability affecting the MOVEit Transfer application, a widely used enterprise Managed File Transfer (MFT) platform. The project was developed as part of the CYB625 – Ethical Hacking & Penetration Testing course at Pace University. (github-poc-repo)
- This repository contains an academic and technical analysis of CVE-2023-34362, a critical SQL injection vulnerability affecting the MOVEit Transfer application, a widely used enterprise Managed File Transfer (MFT) platform. The project was developed as part of the CYB625 – Ethical Hacking & Penetration Testing course at Pace University. (github-poc)
…and 52 more exploits
Timeline
- Jun 1, 2023 PoC Published
- Jun 1, 2023 CVE Published
- Jun 4, 2023 CVE Updated
- Jul 15, 2023 PoC Published
- Dec 11, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
- May 19, 2024 PoC Published
- Jul 25, 2024 PoC Published
- Jan 18, 2025 PoC Published
- May 9, 2025 PoC Published
- Oct 29, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1351.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1351 advisory
- https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-240133-1000.pdf?__blob=publicationFile&v=3 url
- https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 url