CVE-2017-6195

CVE Database · CVE-2017-6195

CVE-2017-6195

· N/AModified

CVSS v3.1

N/A

EPSS

1.99%

Published

May 18, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.

Weaknesses (CWE)

CWE-89

Affected Products (4)

ipswitch · moveit_dmzvulnerable

ipswitch · moveit_transfer_2017vulnerable

References (4)

http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf

PatchVendor Advisory

https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt

Third Party Advisory

http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf

PatchVendor Advisory

https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs