PT-2024-32276 · Ipswitch · Whatsup Gold

Published: 2024-09-27 · Updated: 2024-12-12 · CVE-2024-46906

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WhatsUp Gold versions prior to 2024.0.1

Description

A SQL Injection vulnerability in WhatsUp Gold allows an authenticated low-privileged user with at least Report Viewer permissions to achieve privilege escalation to the admin account. This issue enables a low-level user to gain administrative access.

Recommendations

For versions prior to 2024.0.1, update to version 2024.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the GetSqlWhereClause function until a patch is available. Additionally, limit the use of Report Viewer permissions to minimize the risk of exploitation.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2024-46906
ZDI-24-1684

Affected Products

Whatsup Gold