KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2024-4885

PUBLISHED

WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability

Exploited in the wild PoC available Remote Low complexity No user interaction
Vendor
Progress Software Corporation
Product
WhatsUp Gold
Published
Jun 25, 2024
EPSS

Description

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

cisa nuclei_scanner nessus_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-03-03 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-07-08 12:14:42 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 03, 2025

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4885.yaml Apr 25, 2025
Nessus https://www.tenable.com/plugins/nessus/205145 Aug 07, 2024

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

sinsinology/CVE-2024-4885

github · Created 2024-07-08 12:14:42 UTC · 17 stars

Exploit for CVE-2024-4885

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nessus

  • Added to KEVIntel

  • Detected by Nuclei