PT-2024-32275 · Ipswitch · WhatsUp Gold

Published 2024-09-27 · Updated 2024-12-12 · CVE-2024-46905

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WhatsUp Gold versions prior to 2024.0.1

Description

A SQL Injection issue allows an authenticated lower-privileged user, with at least Network Manager permissions, to achieve privilege escalation to the admin account. This is related to the GetOrderByClause function.

Recommendations

For versions prior to 2024.0.1, update to version 2024.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the GetOrderByClause function until a patch is available. Additionally, limiting privileges for lower-privileged users can help minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-46905
ZDI-24-1685

Affected Products

WhatsUp Gold