Progress MOVEit Transfer UserProcessPassChangeRequest SQL Injection Vulnerability Webapp Exploit

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserProcessPassChangeRequest function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.
CVE Link
CVE-2023-36934
Exploit Platform
Windows
Exploit Type
Exploits
OS Command Injection
Known Vulnerabilities
Product Name
Impact