Security News > 2023 > July > MOVEit Transfer customers warned to patch new critical flaw
"An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," reads Progress's security bulletin.
"An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content" - MOVEit Transfer advisory.
This flaw impacts MOVEit Transfer versions 13.0.8 and older, 13.1.6 and older, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and older.
As part of this new approach, the software upgrade process is being streamlined, allowing MOVEit Transfer admins to apply fixes quicker and easier than before.
MOVEit Transfer customers warned of new flaw as PoC info surfaces.
New MOVEit Transfer critical flaws found after security audit, patch now.