CVE-2023-34362CISA KEVEPSS p100.0%

CVE-2023-34362Progress MOVEit Transfer SQL Injection Vulnerability

Progress / MOVEit Transfer

Description

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

Scoring

EPSS99.93% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2023-06-02

(incoming)1

TypeTargetConfidenceTier
KEVEntryProgress MOVEit Transfer SQL Injection Vulnerabilitykev-cve-2023-343620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10932
CVE
CVE-2025-2324
CVE
CVE-2026-4670
CVE
CVE-2026-5174
CVE
CVE-2026-33088
CVE
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.