CVE-2024-32737 Information

Description

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the \query_contract_result\ function within MCUDBHelper.

Reference

https://www.tenable.com/security/research/tra-2024-14 https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote