MOVEit Transfer customers warned to patch new critical flaw


A critical-severity SQL injection hole and two other less serious vulnerabilities have been fixed in MOVEit Transfer, the software at the centre of the recent widespread Clop ransomware outbreaks. SQL injection flaws let hackers craft custom queries that access a database or manipulate it by running code.

These attacks succeed only when the target application fails to adequately sanitize input/output data. Progress, the company that created MOVEit Transfer, found several SQL injection issues in its software, including a critical one identified as CVE-2023-36934 that may be exploited without user authentication.
