Another Unauthenticated SQLi Flaw Patched in MOVEit Transfer Software

Progress Software, the creators of the renowned MOVEit Transfer, a popular secure file transfer software, has recently identified and patched a critical SQL injection vulnerability within their system. Additionally, the team has tackled two other high-severity flaws, thus bringing an extra layer of assurance to their user base.

This trio of vulnerabilities consisted of an SQL injection vulnerability identified as CVE-2023-36934, which could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.

SQL injection vulnerabilities aren't exactly a secret in the cyber security world. They present a way for cyber-criminals to tweak databases and execute any code of their choosing. Attackers usually dispatch specially designed payloads to certain parts of the compromised application, potentially altering or exposing sensitive data.

Making CVE-2023-36934 more fearsome is the fact that it could be manipulated without the need for the attacker to be logged in. However, there's currently no evidence of this particular flaw being exploited by any malicious actors.

“An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database,” reads Progress’s security bulletin.

“An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content”

This discovery comes after a series of recent cyberattacks that used a different SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer with Clop ransomware. These attacks resulted in data theft and money extortion from large organizations worldwide.

The security upgrade from Progress Software also put two other major vulnerabilities out of action: CVE-2023-36932 and CVE-2023-36933. The former is another SQL injection flaw that could be exploited by attackers once logged in, while the latter is a high-severity problem that lets attackers cause unexpected termination of the MOVEit Transfer program.

Researchers from HackerOne and Trend Micro's Zero Day Initiative responsibly reported Progress Software about these vulnerabilities.

These vulnerabilities affect multiple MOVEit Transfer versions, including 12.1.10 and previous versions, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and earlier.

For those using MOVEit Transfer, it's highly recommended that you upgrade to the latest version of MOVEit Transfer. as Progress Software has rolled out updates for all the key versions of the software. To shield your system from these vulnerabilities.