For the third time since the discovery of the MOVEit Transfer application zero-day vulnerability, Progress Software has revealed a new critical SQL injection vulnerability affecting its managed file transfer web application. The company also revealed two high-severity bugs.
Critical Bug – CVE-2023-36934
The critically rated bug, tracked as CVE-2023-36934, has a CVSS score of 9.8. It allows remote attackers to bypass authentication on affected systems and execute arbitrary code, said Progress Software in a security advisory.