漏洞描述
Progress MOVEit Transfer 中存一个身份验证绕过漏洞,当攻击者知道一个有效用户名时可以绕过身份验证冒充任意用户登录系统,获取服务器上的敏感数据。漏洞威胁等级:高危,漏洞编号:CVE-2024-5806。
Progress MOVEit Transfer 身份验证绕过漏洞
PoC代码
暂无相关漏洞推荐
- Progress Chef Automate /api/v0/compliance/profiles/search SQL 注入漏洞(CVE-2025-8868)
- POC 普华 PowerPMS Transfer.aspx 未授权访问漏洞
- Progress Telerik Report Server /Startup/Register 未授权访问漏洞(CVE-2024-4358)
- POC CVE-2023-34362: MOVEit Transfer - Remote Code Execution
- POC CVE-2023-36934: MOVEit Transfer - SQL Injection
- POC CVE-2024-1212: Progress Kemp LoadMaster - Command Injection
- POC CVE-2024-2389: Progress Kemp Flowmon - Command Injection
- POC CVE-2024-4358: Progress Telerik Report Server - Authentication Bypass
- POC CVE-2024-4885: Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution
- POC secure-transfeross-disabled: Secure Transfer for OSS Buckets - Disabled
- POC CVE-2024-2389: Progress Flowmon rce
- POC azure-storage-secure-transfer: Azure Storage Secure Transfer Not Enabled
- POC dns-zone-transfer-any: DNS Zone Transfer Allowed to Any Host