Lucene search
K

8 matches found

Metasploit
Metasploit
added 2024/09/27 6:53 p.m.327 views

WhatsUp Gold SQL Injection (CVE-2024-6670)

This module exploits a SQL injection vulnerability in WhatsUp Gold, by changing the password of an existing user such as of the default admin account to an attacker-controlled one. WhatsUp Gold versions use auxiliary/admin/http/whatsupgoldsqli msf auxiliarywhatsupgoldsqli show actions ...actions...

9.8CVSS7.5AI score0.94661EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/09/13 11:4 a.m.44 views

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept PoC exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released f...

10CVSS8.2AI score0.99984EPSS
Exploits35
VulnCheck KEV
VulnCheck KEV
added 2024/09/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-6670

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...

9.8CVSS5.9AI score0.94661EPSS
Exploits2References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/09/12 12:0 a.m.27 views

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671...

9.8CVSS8.4AI score0.94661EPSS
Exploits2
GithubExploit
GithubExploit
added 2024/08/30 5:13 p.m.864 views

Exploit for SQL Injection in Progress Whatsup_Gold

CVE-2024-6670 PoC for Progress Software WhatsUp Gold HasErrors...

9.8CVSS10AI score0.94661EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2024/08/29 10:4 p.m.29 views

CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...

9.8CVSS8.1AI score0.94661EPSS
Exploits2References2
CVE
CVE
added 2024/08/29 10:4 p.m.233 views

CVE-2024-6670

Summary (CVE-2024-6670): Progress WhatsUp Gold prior to version 24.0.0 contains a SQL Injection vulnerability that can allow an unauthenticated attacker to retrieve a user’s encrypted password. Public references confirm exploitation guidance (e.g., Metasploit module) and acknowledgments by CISA K...

9.8CVSS9.8AI score0.94661EPSS
In wildExploits2References3Affected Software1
Circl
Circl
added 2024/08/24 9:50 a.m.57 views

CVE-2024-6670

creationtimestamp| type| source ---|---|--- 2024-08-24 09:50:28+00:00| published-proof-of-concept| https://t.me/HackingInsights/11136 2024-08-30 01:25:57+00:00| seen| https://t.me/cvedetector/4481 2024-08-30 20:28:51+00:00| published-proof-of-concept| https://t.me/proxybar/2254 2024-08-30...

9.8CVSS7.5AI score0.94661EPSS
In wildExploits2References36
Rows per page
Query Builder