CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer
On May 31, 2023, Progress informed about a critical vulnerability (CVE-2023-34362) in its MOVEit Transfer software, which could potentially lead to privilege escalation and unauthorized access on affected systems through SQL injection (SQLi) in the MOVEit Transfer web application. MOVEit Transfer is a software developed by Progress Software that provides secure collaboration and automated file transfers for sensitive data. It is widely used by numerous organizations globally. Depending on the database engine used, such as MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to gain access to the database's structure and contents, and even execute SQL statements to modify or delete data. It is important to note that these attacks can occur over protocols like HTTP ...