Progress MOVEit Transfer Multiple Vulnerabilities (CVE-2023-36932, CVE-2023-36933, & CVE-2023-36934)
Multiple Denial of Service and SQL injection vulnerabilities have been discovered in the Service Pack program for MOVEit products, including MOVEit Transfer and MOVEit Automation. CVE-2023-36934 is rated Critical, while CVE-2023-36932 and CVE-2023-36933 are rated High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to the MOVEit Transfer database and terminate …
Tag: SQL Command Injection Vulnerability
MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)
A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit Transfer database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June …
WordPress LMS Plugin LearnPress Multiple Vulnerabilities (CVE-2022-45820, CVE-2022-45808, & CVE-2022-47615)
Multiple vulnerabilities have been discovered in the WordPress online course plugin LearnPress. The vulnerabilities are being tracked as CVE-2022-45820, CVE-2022-45808, and CVE-2022-47615. These vulnerabilities could allow attackers to insert malicious code, potentially leading to sensitive information disclosure, data modification, and arbitrary code execution. Patchstack discovered the vulnerabilities. LearnPress is a comprehensive, free-to-use learning management …