1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. SQL Injection Capability Group

Known Exploited Vulnerabilities SQL Injection Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-27101 Accellion FTA SQL Injection Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2021-27101 is a SQL injection vulnerability in Accellion File Transfer Appliance that allows an adversary to execute SQL commands.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
CVE-2021-27101 Accellion FTA SQL Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-27101 is a SQL injection vulnerability in Accellion File Transfer Appliance that allows an adversary to execute SQL commands.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
CVE-2021-42258 BQE BillQuick Web Suite SQL Injection Vulnerability secondary_impact T1486 Data Encrypted for Impact
Comments
CVE-2021-42258 is a SQL injection vulnerability in BillQuick Web Suite that allows attackers to execute arbitrary SQL commands on the database server
References
  1. https://therecord.media/hackers-use-sql-injection-bug-in-billquick-billing-app-to-deploy-ransomware
  2. https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
CVE-2021-42258 BQE BillQuick Web Suite SQL Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-42258 is a SQL injection vulnerability in BillQuick Web Suite that allows attackers to execute arbitrary SQL commands on the database server
References
  1. https://therecord.media/hackers-use-sql-injection-bug-in-billquick-billing-app-to-deploy-ransomware
  2. https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability secondary_impact T1531 Account Access Removal
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability secondary_impact T1136 Create Account
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability secondary_impact T1082 System Information Discovery
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability secondary_impact T1105 Ingress Tool Transfer
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
  1. https://www.cisa.gov/sites/default/files/2023-07/aa23-158a-stopransomware-cl0p-ransomware-gang-exploits-moveit-vulnerability_8.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability secondary_impact T1105 Ingress Tool Transfer
Comments
This is an SQL injection vulnerability that can be exploited to execute remote code via specially crafted HTTP requests. Adversaries have been observed using this exploit to deploy tools on the target machine.
References
  1. https://redcanary.com/blog/threat-intelligence/cve-2023-48788/
  2. https://www.esentire.com/security-advisories/widespread-exploitation-of-fortinet-vulnerability-cve-2023-48788
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This is an SQL injection vulnerability that can be exploited to execute remote code via specially crafted HTTP requests. Adversaries have been observed using this exploit to deploy tools on the target machine.
References
  1. https://redcanary.com/blog/threat-intelligence/cve-2023-48788/
  2. https://www.esentire.com/security-advisories/widespread-exploitation-of-fortinet-vulnerability-cve-2023-48788
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This is an SQL injection vulnerability that can be exploited to execute remote code via specially crafted HTTP requests. Adversaries have been observed using this exploit to deploy tools on the target machine.
References
  1. https://redcanary.com/blog/threat-intelligence/cve-2023-48788/
  2. https://www.esentire.com/security-advisories/widespread-exploitation-of-fortinet-vulnerability-cve-2023-48788

Capabilities

Capability ID Capability Name Number of Mappings
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability 7
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability 3
CVE-2021-42258 BQE BillQuick Web Suite SQL Injection Vulnerability 2
CVE-2021-27101 Accellion FTA SQL Injection Vulnerability 2