发布于3月6日3月6日 Members Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read Disclosed 06/25/2024 Created 07/08/2024 Description This module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The following version are affected: * MOVEit Transfer 2023.0.x (Fixed in 2023.0.11) * MOVEit Transfer 2023.1.x (Fixed in 2023.1.6) * MOVEit Transfer 2024.0.x (Fixed in 2024.0.2) The module can establish an authenticated SFTP session for a MOVEit Transfer user. The module allows for both listing the contents of a directory, and the reading of an arbitrary file. Author(s) sfewer-r7 Development Source Code History
