Progress Software Warns Users Of New SQL Injection Vulnerabilities

Progress Software has issued a warning to its customers about critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution. Discovered with the help of cybersecurity firm Huntress, these security bugs were found during code reviews conducted by Progress. The vulnerabilities impact all versions of MOVEit Transfer, allowing unauthenticated attackers to compromise servers and gain unauthorized access to or modify customer information. Progress has released a patch on June 9, 2023, and has already secured MOVEit Cloud clusters against potential attacks. Read more...