Cyberpower Powerpanel Enterprise vulnerabilities
5 known vulnerabilities affecting cyberpower/cyberpower_powerpanel_enterprise.
Total CVEs
5
CISA KEV
0
Public exploits
5
Exploited in wild
5
Severity breakdown
CRITICAL1HIGH4
Vulnerabilities
Page 1 of 1
CVE-2024-32735P1CRITICALCVSS 9.8ExploitedPoCfixed in 2.8.32024-05-14
CVE-2024-32735 [CRITICAL] CWE-306 CVE-2024-32735: An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Ente
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
nvd
CVE-2024-32739P1HIGHCVSS 7.5ExploitedPoCfixed in 2.8.32024-05-14
CVE-2024-32739 [HIGH] CWE-89 CVE-2024-32739: A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthe
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.
nvd
CVE-2024-32736P1HIGHCVSS 7.5ExploitedPoCfixed in 2.8.32024-05-14
CVE-2024-32736 [HIGH] CWE-89 CVE-2024-32736: A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthe
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.
nvd
CVE-2024-32737P1HIGHCVSS 7.5ExploitedPoCfixed in 2.8.32024-05-14
CVE-2024-32737 [HIGH] CWE-89 CVE-2024-32737: A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthe
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.
nvd
CVE-2024-32738P1HIGHCVSS 7.5ExploitedPoCfixed in 2.8.32024-05-14
CVE-2024-32738 [HIGH] CWE-89 CVE-2024-32738: A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthe
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.
nvd