CVE-2024-6670

CRITICAL KEV RANSOMWARE NUCLEI

WhatsUp Gold SQL Injection (CVE-2024-6670)

Title source: metasploit

Exploitation Summary

CVE-2024-6670 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 16, 2024, with confirmed use in ransomware campaigns. EIP tracks 2 public exploits from researchers including sinsinology, Michael Heinzl, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam), including a Metasploit module auxiliary/admin/http/whatsup_gold_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits an SQL injection vulnerability in Progress Software WhatsUp Gold to bypass authentication by updating the admin password. It uses a remote primitive to encrypt the new password and then injects SQL queries to exfiltrate and set the encrypted password.

Description

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

Exploits (2)

nomisec WORKING POC 35 stars

by sinsinology · remote

https://github.com/sinsinology/CVE-2024-6670

View Code ZIP pw:eip

This PoC exploits an SQL injection vulnerability in Progress Software WhatsUp Gold to bypass authentication by updating the admin password. It uses a remote primitive to encrypt the new password and then injects SQL queries to exfiltrate and set the encrypted password.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Progress Software WhatsUp Gold

No auth needed

Prerequisites: Network access to the target WhatsUp Gold instance · Valid target URL

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by Michael Heinzl, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/whatsup_gold_sqli.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in WhatsUp Gold to change the password of an existing user (default: admin) to an attacker-controlled one. It leverages a blind SQLi technique to extract and modify credentials.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Progress WhatsUp Gold < v24.0.0

No auth needed

Prerequisites: Network access to the target · Default or known username

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WhatsUp Gold HasErrors SQL Injection - Authentication Bypass

CRITICALVERIFIEDby DhiyaneshDK,princechaddha

Shodan: title:"WhatsUp Gold" http.favicon.hash:-2107233094

References (3)

Core 3

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6670

Product product

https://www.progress.com/network-monitoring

Vendor Advisory vendor-advisory

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

Scores

CVSS v3 9.8

EPSS 0.9447

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2024-09-16

VulnCheck KEV 2024-09-12

InTheWild.io 2024-09-16

ENISA EUVD EUVD-2024-48017

Ransomware Use Confirmed

CWE

CWE-89

Status published

Products (1)

progress/whatsup_gold < 24.0

Published Aug 29, 2024

KEV Added Sep 16, 2024

Tracked Since Feb 18, 2026