Third MOVEit bug fixed a day after PoC exploit made public


The third serious flaw in Progress Software’s MOVEit file transfer software, which had only been discovered the day before, was fixed on Friday.It bears emphasising that the SQL injection weakness was made public knowledge a day before the software provider patched it.

A proof-of-concept exploit for the most recent vulnerability, tracked as CVE-2023-35708, also surfaced on Thursday. The issue has now been addressed. The researcher known as MCKSys Argentina, who provided screenshots of the researcher’s PoC exploit code, confirmed to The Register that a MOVEit fix for CVE-2023-35708 released on June 16 patched the vulnerability.

Read More…