Progress Software’s latest issue, tracked as CVE-2023-35708, is a SQL injection vulnerability that hackers can exploit to gain escalated privileges and unauthorized access to Moveit’s database. In.
In context: Progress Software’s enterprise-level managed file transfer application, Moveit, has had a bad month. Less than a few weeks ago, known Russian-linked threat actors and ransomware groups actively exploited two vulnerabilities, impacting private, corporate, and government customers.
Progress Software’s latest issue, tracked as CVE-2023-35708, is a SQL injection vulnerability that hackers can exploit to gain escalated privileges and unauthorized access to Moveit’s database. In this case, attackers can submit a crafted payload to a Moveit Transfer application endpoint, providing them with unauthorized access to its database content.
The new security hole joins two similar, previously reported issues, CVE-2023-34362 and CVE-2023-35036.
