"Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to authenticate as any user."
CVE-2023-34362 relates to an SQL injection vulnerability in MOVEit Transfer that enables unauthenticated, remote attackers to gain access to the application database and execute arbitrary code.
Publisher: The Hacker News
Author: https www facebook com thehackernews
Twitter: @TheHackersNews
Reference: (Read more) Visit Source
No comments:
Post a Comment