8 matches found
WhatsUp Gold SQL Injection (CVE-2024-6670)
This module exploits a SQL injection vulnerability in WhatsUp Gold, by changing the password of an existing user such as of the default admin account to an attacker-controlled one. WhatsUp Gold versions use auxiliary/admin/http/whatsupgoldsqli msf auxiliarywhatsupgoldsqli show actions ...actions...
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
Malicious actors are likely leveraging publicly available proof-of-concept PoC exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released f...
VulnCheck KEV: CVE-2024-6670
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671...
Exploit for SQL Injection in Progress Whatsup_Gold
CVE-2024-6670 PoC for Progress Software WhatsUp Gold HasErrors...
CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...
CVE-2024-6670
Summary (CVE-2024-6670): Progress WhatsUp Gold prior to version 24.0.0 contains a SQL Injection vulnerability that can allow an unauthenticated attacker to retrieve a user’s encrypted password. Public references confirm exploitation guidance (e.g., Metasploit module) and acknowledgments by CISA K...
CVE-2024-6670
creationtimestamp| type| source ---|---|--- 2024-08-24 09:50:28+00:00| published-proof-of-concept| https://t.me/HackingInsights/11136 2024-08-30 01:25:57+00:00| seen| https://t.me/cvedetector/4481 2024-08-30 20:28:51+00:00| published-proof-of-concept| https://t.me/proxybar/2254 2024-08-30...