Progress has discovered a vulnerability in file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory.  “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said in the post, adding that depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.  MOVEit Transfer is a managed file transfer solution developed by Progress Software. It allows enterprises to transfer files between business partners and customers securely.  “All MOVEit Transfer versions are affected by this vulnerability,” Progress said in the advisory.

Source: CSO Online