Rahul Maini

CVE-2023-36934 Analysis: MOVEit Transfer SQL Injection

Introduction At ProjectDiscovery, our focus is on enhancing our open-source solution, Nuclei, by incorporating templates for trending CVEs. Our collaborative efforts involve constant additions of templates by the open-source community, internal template and research team to stay updated on emerging exploits. One such notable case involves MOVEit Transfer, a widely utilized web application, which recently came under scrutiny due to a series of SQL injection (SQLi) vulnerabilities. These vulnera

Vulnerability Management Nuclei & Templates

PHP Development Server <= 7.4.21 - Remote Source Disclosure

Introduction While testing request pipelining on multiple programming language built-in servers, we observed strange behavior with PHP’s. As we delved deeper, we discovered a security bug in PHP that could expose the source code of PHP files as if they were static files rather than executing them as intended. Upon further testing, we found that the vulnerability was not present in the latest PHP release. We conducted further tests on different versions of PHP to determine when the bug was fixe

Vulnerability Research Nuclei & Templates

Rahul Maini

CVE-2023-36934 Analysis: MOVEit Transfer SQL Injection

PHP Development Server <= 7.4.21 - Remote Source Disclosure

Monitor your infrastructure

Talk to sales

Platform

Open Source

Resources

Company