Advanced

MOVEit Vulnerability: What You Should Know

The MOVEit Transfer vulnerabilities represent a textbook case of a critical, unauthenticated SQL injection flaw in a widely deployed, internet-facing managed file transfer application bei...

MOVEit Transfer is a managed file transfer (MFT) application. Organizations host it to allow controlled sharing of files, typically with external partners and other organizations outside their own network boundary. Because file sharing is a near-universal business need, MOVEit Transfer is used broadly across many industries.

The core vulnerability affecting MOVEit Transfer is SQL injection (SQLi). An unauthenticated attacker — someone with no valid credentials on the system — can send a crafted SQL request to the application. From that injection point, the attacker can pivot to arbitrary code execution, effectively gaining the ability to do anything within that system: read, modify, or exfiltrate any files hosted on the server, and execute further commands.

In short: this is a web application vulnerability (SQL injection) that is leveraged to achieve full code execution on the underlying host running the software.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The MOVEit Transfer Vulnerability
  3. 3 Summary

More Vulnerability Briefings courses

View all 30

Interested in this course?

Contact us to book it or get a custom training plan for your team.