Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability (tracked as CVE-2023-35708) was shared online today.

This was a very bad sign, as it seemed the username was directly interpolated into the login SQL query. Sure enough, we had discovered SQL injection and were able to use sqlmap to confirm the ...

On the heels of a dramatic rise in SQL injection attacks linked to drive-by malware downloads, Microsoft has released aimed at helping Webmasters and IT administrators block and eradicate this ...

In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is ...

The software contains an unauthenticated SQL injection flaw in the get_fabric_user_by_token() function, which uses the following code to issue a MySQL query: ...