Vulnerability Details CVE-2024-5018
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory .
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.3%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-5018
-
cpe:2.3:a:progress:whatsup_gold:-
-
cpe:2.3:a:progress:whatsup_gold:11
-
cpe:2.3:a:progress:whatsup_gold:15.02
-
cpe:2.3:a:progress:whatsup_gold:16.3
-
cpe:2.3:a:progress:whatsup_gold:16.4
-
cpe:2.3:a:progress:whatsup_gold:17.1.1
-
cpe:2.3:a:progress:whatsup_gold:18.0
-
cpe:2.3:a:progress:whatsup_gold:21.1.0
-
cpe:2.3:a:progress:whatsup_gold:21.1.1
-
cpe:2.3:a:progress:whatsup_gold:21.1.2
-
cpe:2.3:a:progress:whatsup_gold:22.0.0
-
cpe:2.3:a:progress:whatsup_gold:22.0.1
-
cpe:2.3:a:progress:whatsup_gold:22.0.2
-
cpe:2.3:a:progress:whatsup_gold:22.1.0
-
cpe:2.3:a:progress:whatsup_gold:23.0.0
-
cpe:2.3:a:progress:whatsup_gold:23.0.1
-
cpe:2.3:a:progress:whatsup_gold:23.0.2
-
cpe:2.3:a:progress:whatsup_gold:23.1.0
-
cpe:2.3:a:progress:whatsup_gold:23.1.1
-
cpe:2.3:a:progress:whatsup_gold:23.1.2
-
cpe:2.3:a:progress:whatsup_gold:7.0
-
cpe:2.3:a:progress:whatsup_gold:7.03
-
cpe:2.3:a:progress:whatsup_gold:7.04
-
cpe:2.3:a:progress:whatsup_gold:8.0
-
cpe:2.3:a:progress:whatsup_gold:8.01
-
cpe:2.3:a:progress:whatsup_gold:8.03