Multiple SQL Injection Vulnerabilities in MOVEit Transfer with Fresh Security Patches
Progress Software, the creator of the MOVEit Transfer application, has released patches aimed at fixing newly discovered SQL injection vulnerabilities in the file transfer solution. If left unaddressed, these vulnerabilities could potentially lead to data breaches.
The company announced on June 9, 2023, that multiple SQL injection vulnerabilities had been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.
An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content. All versions of MOVEit Transfer are affected by this vulnerability.
Although every version of the MOVEit Transfer service is affected, Progress Software has promptly released patches for versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2) to address these vulnerabilities.
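As an added example (not Progress Software's tooling), the sketch below triages an inventory of MOVEit Transfer version strings against the fixed builds listed above. The status labels, host names and sample versions are hypothetical, and it assumes the version strings have already been collected by other means.

```python
# Added example: fixed builds are exactly those listed in the article.
FIXED = {(13, 0): 7, (13, 1): 5, (14, 0): 5, (14, 1): 6, (15, 0): 2}
# Release-year numbering used in the article: 2021.x = 13.x, and so on.
YEAR_TO_MAJOR = {2021: 13, 2022: 14, 2023: 15}


def parse_version(text):
    """Return (major, minor, patch) from '14.1.6', '2022.1.6' or '14.1.6.123'."""
    fields = text.strip().split(".")
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(f) for f in fields[:3])
    return YEAR_TO_MAJOR.get(major, major), minor, patch


def assess(text):
    """Classify one version against the article's list of fixed builds."""
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line in FIXED:
        # Assumption: later builds in the same release line keep the fix.
        return "patched" if patch >= FIXED[line] else "needs-patch"
    if line < min(FIXED):
        # All versions are affected, but no fix is listed for this line.
        return "affected-no-fix-listed"
    # Newer or unlisted release line: the article says nothing about it.
    return "not-covered"


def triage(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    findings = {}
    for host, version in inventory.items():
        try:
            status = assess(version)
        except ValueError:
            status = "unparseable"
        if status != "patched":
            findings[host] = status
    return findings


# Constructed inventory; host names and versions are sample data.
SAMPLE = {"mft-01": "15.0.2", "mft-02": "2022.1.4", "mft-03": "12.1.9",
          "mft-04": "14.0.5.77", "mft-05": "unknown"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(host, status)
```

Hosts reported as "not-covered" or "unparseable" need a manual check against the vendor's current advisory rather than being treated as safe.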
The vulnerabilities were discovered and reported by cybersecurity firm Huntress as part of a code review. According to Progress Software, there have been no reported instances of these vulnerabilities being exploited in the wild.
The initial MOVEit vulnerability, CVE-2023-34362, was disclosed on May 31, 2023, and was heavily exploited to drop web shells on targeted systems. This activity has been traced back to the infamous Cl0p ransomware gang, known for data theft campaigns and for exploiting zero-day vulnerabilities in various managed file transfer platforms since December 2020.
The Cl0p actors have reportedly issued an extortion notice to the affected companies, warning them to contact the group by June 14, 2023. Failure to respond to the ransomware group's demand may result in the publishing of their stolen information on a data leak site.
The findings from the investigation highlight the significant planning and preparatory work that often precedes mass exploitation events. With cybercriminals continually adapting their tactics, businesses must maintain stringent security measures and promptly apply security patches to protect against potential vulnerabilities.