| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2024-6670 | 29 Aug 2024 00:00 | – | attackerkb |
| The vulnerability of the WhatsUp Gold network infrastructure monitoring system lies in the lack of protective measures for the SQL query structure, allowing attackers to gain unauthorized access to user data. | 16 Dec 2024 00:00 | – | bdu_fstec |
| CVE-2024-6670 | 24 Aug 2024 09:50 | – | circl |
| Progress WhatsUp Gold SQL Injection Vulnerability | 16 Sep 2024 00:00 | – | cisa_kev |
| CISA Adds Two Known Exploited Vulnerabilities to Catalog | 16 Sep 2024 12:00 | – | cisa |
| WhatsUp Gold Security Vulnerability | 29 Aug 2024 00:00 | – | cnnvd |
| CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability | 29 Aug 2024 22:04 | – | cvelist |
| Exploit for SQL Injection in Progress Whatsup_Gold | 30 Aug 2024 17:13 | – | githubexploit |
| WhatsUp Gold SQL Injection (CVE-2024-6670) | 27 Sep 2024 18:53 | – | metasploit |
| Vulnerabilities fixed in Progress WhatsUp Gold | 2 Sep 2024 11:51 | – | ncsc |
```json
[
  {
    "defaultStatus": "affected",
    "modules": [
      "API Endpoint"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "WhatsUp Gold",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "2024.0.0",
        "status": "affected",
        "version": "2023.1.0",
        "versionType": "semver"
      }
    ]
  }
]
```

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| KeyStorePassword | request body | NmConsole/WugSystemAppSettings/JMXSecurity | POST to set Java keystore passwords via JMXSecurity endpoint enabling password update via SQLi chain | CWE-89 |
| TrustStorePassword | request body | NmConsole/WugSystemAppSettings/JMXSecurity | POST to set Java keystore passwords via JMXSecurity endpoint enabling password update via SQLi chain | CWE-89 |
| deviceId | request body | NmConsole/Platform/PerformanceMonitorErrors/HasErrors | POST containing a crafted classId to trigger SQL injection and escalate privileges | CWE-89 |
| classId | request body | NmConsole/Platform/PerformanceMonitorErrors/HasErrors | POST containing a crafted classId to trigger SQL injection and escalate privileges | CWE-89 |
| range | request body | NmConsole/Platform/PerformanceMonitorErrors/HasErrors | POST containing a crafted classId to trigger SQL injection and escalate privileges | CWE-89 |
| n | request body | NmConsole/Platform/PerformanceMonitorErrors/HasErrors | POST containing a crafted classId to trigger SQL injection and escalate privileges | CWE-89 |
| start | request body | NmConsole/Platform/PerformanceMonitorErrors/HasErrors | POST containing a crafted classId to trigger SQL injection and escalate privileges | CWE-89 |
| end | request body | NmConsole/Platform/PerformanceMonitorErrors/HasErrors | POST containing a crafted classId to trigger SQL injection and escalate privileges | CWE-89 |
| username | request body | NmConsole/User/LoginAjax | POST login with attacker-controlled credentials after password update to verify access | CWE-89 |
| password | request body | NmConsole/User/LoginAjax | POST login with attacker-controlled credentials after password update to verify access | CWE-89 |