CVE-2024-32736

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3

Description: A sql injection vulnerability exists in the software, allowing an unauthenticated remote attacker to leak sensitive information via the query utask verbose function within MCUDBHelper. This issue is related to the lack of protection measures for the SQL query structure.

Recommendations: For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the query utask verbose function within MCUDBHelper to minimize the risk of exploitation.