CVE-2024-32737

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3

Description: The issue is related to a SQL injection vulnerability in the query contract result function of the MCUDBHelper component in the corporate version of the PowerPanel Enterprise system. This vulnerability can be exploited by an unauthenticated remote attacker to leak sensitive information. The vulnerability exists due to the lack of protection measures for the SQL query structure.

Recommendations: For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the query contract result function within MCUDBHelper to minimize the risk of exploitation.