A SQL injection vulnerability has been found in the MOVEit Transfer web application, allowing an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. Progress ...

MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less ...

Progress disclosed the vulnerability alongside a flaw in MOVEit Gateway, an add-on product for the file transfer service.

Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability (tracked as CVE-2023-35708) was shared online today.

On Thursday, MOVEit-maker Progress Software published a security bulletin that included fixes for three newly discovered vulnerabilities in the file-transfer application.

The most serious vulnerability is CVE-2023-36934, which Progress Software rates as “critical”. Unpatched versions of the MOVEit Transfer web application have a SQL injection vulnerability.

Progress said that it has found additional MOVEit vulnerabilities and released a new patch, which MOVEit Transfer customers must apply.

An unauthenticated, remote attacker can exploit the vulnerability by sending a specially crafted SQL injection to a vulnerable MOVEit Transfer instance.

Progress Software Corporation recently published a bulletin about a new security vulnerability in Moveit. The enterprise-focused file transfer application is affected by a critical flaw that cyber ...