thehackernews.com
2606:4700:20::681a:296  Public Scan

URL: https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html
Submission: On July 13 via api from IN — Scanned from DE

Text Content

ANOTHER CRITICAL UNAUTHENTICATED SQLI FLAW DISCOVERED IN MOVEIT TRANSFER SOFTWARE

Jul 07, 2023 | Swati Khandelwal | Vulnerability / Cyber Threat

Progress Software has announced the discovery and patching of a critical SQL
injection vulnerability in MOVEit Transfer, popular software used for secure
file transfer. In addition, Progress Software has patched two other
high-severity vulnerabilities.

The identified SQL injection vulnerability, tagged as CVE-2023-36934, could
potentially allow unauthenticated attackers to gain unauthorized access to the
MOVEit Transfer database.

SQL injection is a well-known and dangerous class of security flaw that
allows attackers to manipulate databases and run any code they want. Attackers
can send specially crafted payloads to certain endpoints of the affected
application, which could change or expose sensitive data in the database.



The reason CVE-2023-36934 is so critical is that it can be exploited without
having to be logged in. This means that even attackers without valid credentials
can potentially exploit the vulnerability. However, as of now, there have been
no reports of this particular vulnerability being actively used by attackers.

This discovery comes after a series of recent cyberattacks that used a different
SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer with Clop
ransomware. These attacks resulted in data theft and extortion of the
affected organizations.

This latest security update from Progress Software also addresses two other
high-severity vulnerabilities: CVE-2023-36932 and CVE-2023-36933.

CVE-2023-36932 is a SQL injection flaw that can be exploited by attackers who
are logged in to gain unauthorized access to the MOVEit Transfer database.
CVE-2023-36933, on the other hand, is a vulnerability that allows attackers to
unexpectedly shut down the MOVEit Transfer program.


Researchers from HackerOne and Trend Micro's Zero Day Initiative responsibly
reported these vulnerabilities to Progress Software.

These vulnerabilities affect multiple MOVEit Transfer versions, including
12.1.10 and previous versions, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6
and older, 14.1.7 and older, and 15.0.3 and earlier.

Progress Software has made the necessary updates available for all major MOVEit
Transfer versions. Users are strongly advised to update to the latest version of
MOVEit Transfer to reduce the risks posed by these vulnerabilities.



