CVE-2024-6672

Name of the Vulnerable Software and Affected Versions WhatsUp Gold versions prior to 2024.0.0

Description A SQL Injection issue allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This can be exploited by altering a privileged user's password, enabling the attacker to gain higher privileges.

Recommendations For versions prior to 2024.0.0, update to version 2024.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the getMonitorJoin function until a patch is available.