A critical SQL injection vulnerability affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. At present, no CVE is assigned to this zero-day vulnerability. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit transfer’s database. MOVEit Transfer is a managed file transfer (MFT) solution available in … Continue reading “MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Transfer Managed File Transfer Application”
Tag: SQL Command Injection Vulnerability
WordPress LMS Plugin LearnPress Multiple Vulnerabilities (CVE-2022-45820, CVE-2022-45808, & CVE-2022-47615)
Multiple vulnerabilities have been discovered in the WordPress online course plugin LearnPress. The vulnerabilities are being tracked as CVE-2022-45820, CVE-2022-45808, and CVE-2022-47615. These vulnerabilities could allow attackers to insert malicious code, potentially leading to sensitive information disclosure, data modification, and arbitrary code execution. PatchStack discovered the vulnerability. LearnPress is a comprehensive, free-to-use learning management … Continue reading “WordPress LMS Plugin LearnPress Multiple Vulnerabilities (CVE-2022-45820, CVE-2022-45808, & CVE-2022-47615)”