|
5779 | 5779 |
|
5780 | 5780 | ]
|
5781 | 5781 | },
|
| 5782 | + "auxiliary_admin/http/whatsup_gold_sqli": { |
| 5783 | + "name": "WhatsUp Gold SQL Injection (CVE-2024-6670)", |
| 5784 | + "fullname": "auxiliary/admin/http/whatsup_gold_sqli", |
| 5785 | + "aliases": [ |
| 5786 | + |
| 5787 | + ], |
| 5788 | + "rank": 300, |
| 5789 | + "disclosure_date": "2024-08-29", |
| 5790 | + "type": "auxiliary", |
| 5791 | + "author": [ |
| 5792 | + "Michael Heinzl", |
| 5793 | + "Sina Kheirkhah ( <Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)>" |
| 5794 | + ], |
| 5795 | + "description": "This module exploits a SQL injection vulnerability in WhatsUp Gold, by changing the password of an existing user (such as of the default admin account)\n to an attacker-controlled one.\n\n WhatsUp Gold versions < v24.0.0 are affected.", |
| 5796 | + "references": [ |
| 5797 | + "CVE-2024-6670", |
| 5798 | + "URL-https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024", |
| 5799 | + "URL-https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/", |
| 5800 | + "URL-https://www.zerodayinitiative.com/advisories/ZDI-24-1185/" |
| 5801 | + ], |
| 5802 | + "platform": "", |
| 5803 | + "arch": "", |
| 5804 | + "rport": 443, |
| 5805 | + "autofilter_ports": [ |
| 5806 | + 80, |
| 5807 | + 8080, |
| 5808 | + 443, |
| 5809 | + 8000, |
| 5810 | + 8888, |
| 5811 | + 8880, |
| 5812 | + 8008, |
| 5813 | + 3000, |
| 5814 | + 8443 |
| 5815 | + ], |
| 5816 | + "autofilter_services": [ |
| 5817 | + "http", |
| 5818 | + "https" |
| 5819 | + ], |
| 5820 | + "targets": null, |
| 5821 | + "mod_time": "2024-09-26 04:01:36 +0000", |
| 5822 | + "path": "/modules/auxiliary/admin/http/whatsup_gold_sqli.rb", |
| 5823 | + "is_install_path": true, |
| 5824 | + "ref_name": "admin/http/whatsup_gold_sqli", |
| 5825 | + "check": true, |
| 5826 | + "post_auth": true, |
| 5827 | + "default_credential": false, |
| 5828 | + "notes": { |
| 5829 | + "Stability": [ |
| 5830 | + "crash-safe" |
| 5831 | + ], |
| 5832 | + "Reliability": [ |
| 5833 | + "repeatable-session" |
| 5834 | + ], |
| 5835 | + "SideEffects": [ |
| 5836 | + "ioc-in-logs", |
| 5837 | + "config-changes" |
| 5838 | + ] |
| 5839 | + }, |
| 5840 | + "session_types": false, |
| 5841 | + "needs_cleanup": false, |
| 5842 | + "actions": [ |
| 5843 | + |
| 5844 | + ] |
| 5845 | + }, |
5782 | 5846 | "auxiliary_admin/http/wp_automatic_plugin_privesc": {
|
5783 | 5847 | "name": "WordPress Plugin Automatic Config Change to RCE",
|
5784 | 5848 | "fullname": "auxiliary/admin/http/wp_automatic_plugin_privesc",
|
|