CVE-2024-32738

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3

Description: A sql injection vulnerability exists in the query ptask lean function within MCUDBHelper, allowing an unauthenticated remote attacker to leak sensitive information. The vulnerability is related to the lack of protection measures for the SQL query structure.

Recommendations: For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the query ptask lean function within MCUDBHelper to minimize the risk of exploitation.