CVE-2024-5015

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3

Description: The issue involves an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Wug.UI.Areas.Wug.Controllers.SessionControler.Update function. This vulnerability can be chained with an Improper Access Control vulnerability, allowing a low-privileged user to escalate privileges to Admin.

Recommendations: For versions prior to 2023.1.3, update to version 2023.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wug.UI.Areas.Wug.Controllers.SessionControler.Update function until a patch is applied. Additionally, review and enforce proper access controls to minimize the risk of exploitation.