MOVEit Transfer Faces Another Critical Data-Theft Bug

Published: 23/11/2024   Category: security




Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.



Yet another critical SQL injection vulnerability has been disclosed and patched in Progress Software's MOVEit Transfer software — the fourth such flaw revealed in the space of a month.
The security bug (CVE-2023-36934) is distinct from the former zero-day flaw that's being exploited with resounding success by the Cl0p ransomware gang. But like that bug, it could allow unauthenticated cyberattackers to access MOVEit Transfer databases, and from there execute malware, manipulate files, or exfiltrate information.
An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content, according to the Progress advisory on the bug.
The flaw hasn't been exploited in the wild so far, according to the advisory — but given its severity, users are urged to patch it as soon as possible, along with two high-severity vulnerabilities (CVE-2023-36932 and CVE-2023-36933) disclosed at the same time.
The bugs affect MOVEit Transfer versions 12.1.10 and earlier, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and earlier, 14.1.7 and earlier, and 15.0.3 and earlier.
The other SQL vulnerabilities revealed since early June are CVE-2023-35708 and CVE-2023-35036, as well as CVE-2023-34362, which is Cl0p's target and was discovered over Memorial Day weekend.
Speaking of the Cl0p campaign, the extortion gang is galloping on, claiming 200+ victims so far, including government agencies. The blast radius of the campaign has been widened by compromised third-party vendors exposing their downstream customers.
Progress said this week that it plans to release MOVEit product updates every two months from now on.
