Progress Software announced on May 31 that its MOVEit Transfer managed file transfer (MFT) software contains a SQL injection vulnerability in its web application (later assigned CVE-2023-34362) that an unauthenticated attacker can reach over the network. What the attacker can do with it depends on the database engine behind the deployment (MySQL, Microsoft SQL Server, or Azure SQL): at minimum they may infer the structure and contents of the MOVEit database, and they may also be able to execute SQL statements that alter or delete database elements.
The company has released patches in versions 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5) and 2023.0.1 (15.0.1); older branches are out of support and must be upgraded to one of these. Progress has not confirmed whether the vulnerability was exploited before it was detected, but several other security firms have identified attacks involving MOVEit Transfer. Recent ransomware attacks deployed a web shell named ‘human2.aspx’ in the ‘wwwroot’ folder of the MOVEit installation; the name mimics the legitimate ‘human.aspx’ page, and the shell lets the attackers download stored files and add a backdoor administrator user. Approximately 1,700 software companies use MOVEit, including the US Department of Homeland Security.
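The two checks a practitioner wants from the paragraph above are "is my build one of the fixed ones?" and "is there a ‘human2.aspx’ (or any other unexpected .aspx) under wwwroot?". The following is an added example, not code from Progress or from this article. It hard-codes the fixed-version list quoted above; the baseline set of legitimate .aspx files and the directory tree it scans are constructed for illustration and should be replaced with a listing taken from a clean install of the same build.

```python
# Added example (not from Progress or the article): triage helpers for the
# MOVEit Transfer SQL injection advisory. Assumptions: the fixed-version
# list is the one quoted in the text; the .aspx baseline and the scanned
# directory tree are illustrative, not an authoritative MOVEit file list.
import os
import re
import tempfile

# Minimum fixed build per release branch, from the advisory text:
# 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4),
# 2022.1.5 (14.1.5), 2023.0.1 (15.0.1). Keyed by (major, minor).
FIXED_VERSIONS = {
    (13, 0): (13, 0, 6),
    (13, 1): (13, 1, 4),
    (14, 0): (14, 0, 4),
    (14, 1): (14, 1, 5),
    (15, 0): (15, 0, 1),
}


def parse_version(text):
    """Parse a MOVEit build string such as '14.1.4' into a comparable tuple."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def patch_status(text):
    """Classify an installed build against the advisory's fixed versions.

    Returns 'patched', 'vulnerable', 'end-of-life' (branch older than any
    branch that received a fix, so upgrading is the only option) or
    'unlisted' (a branch this table does not cover).
    """
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return "patched" if version >= FIXED_VERSIONS[branch] else "vulnerable"
    if branch < min(FIXED_VERSIONS):
        return "end-of-life"
    return "unlisted"


# Constructed baseline of .aspx files expected under wwwroot (illustrative;
# build the real one from a clean install). The web shell name 'human2.aspx'
# is chosen by the attackers to blend in with the legitimate 'human.aspx'.
BASELINE_ASPX = {"human.aspx", "machine.aspx"}
KNOWN_WEBSHELL_NAMES = {"human2.aspx"}


def scan_wwwroot(root, baseline=BASELINE_ASPX):
    """Walk a wwwroot directory and return (relative path, reason) for every
    .aspx file that is a known web shell name or is absent from the baseline.
    Name-based only: a renamed shell needs a content or hash comparison."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()
            if not lowered.endswith(".aspx"):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if lowered in KNOWN_WEBSHELL_NAMES:
                findings.append((rel, "known webshell name"))
            elif lowered not in baseline:
                findings.append((rel, "aspx file not in baseline"))
    return sorted(findings)


def demo():
    """Build a constructed wwwroot tree in a temp directory and scan it.
    Contains the legitimate page, the web shell and one stray .aspx file."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("human.aspx", "human2.aspx", "images/helper.aspx"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("<%@ Page %>\n")  # contents irrelevant to a name scan
        return scan_wwwroot(root)


if __name__ == "__main__":
    for build in ("15.0.0", "15.0.1", "14.1.4", "12.1.0"):
        print(build, patch_status(build))
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A clean file scan does not clear a host: the paragraph above also describes a backdoor administrator user, so the MOVEit user list should be reviewed for accounts nobody created, and the web and transfer logs for downloads that do not match known users, before treating the system as uncompromised.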