Forum Discussion
Second SQL Injection Discovered in MOVEit Transfer (CVE-Pendi
Second SQL Injection Discovered in MOVEit Transfer (CVE-Pending)
On June 9, Progress Software Corporation (“Progress Software”) published a new advisory to address a second SQL injection vulnerability in MOVEit Transfer, its file transfer solution. At the time this community post was published, no CVE was assigned, though Progress Software has said a CVE is pending assignment. Once a CVE is assigned, it will be referenced in our blog post below.
This new flaw was reportedly discovered as part of a security audit following the disclosure of CVE-2023-34362, which was disclosed on June 2.
Our existing blog for CVE-2023-34362 has been updated to include information about this new SQL injection vulnerability. Additionally, updated detection and version check plugin information can be found in our blog.