VYPR

Cyberpower Powerpanel Enterprise

by Cyberpower

CVEs (5)

  • CVE-2024-32735May 9, 2024
    risk 0.06cvss epss 0.72

    An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.

  • CVE-2024-32739May 9, 2024
    risk 0.05cvss epss 0.68

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.

  • CVE-2024-32736May 9, 2024
    risk 0.05cvss epss 0.68

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.

  • CVE-2024-32738May 9, 2024
    risk 0.04cvss epss 0.52

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.

  • CVE-2024-32737May 9, 2024
    risk 0.04cvss epss 0.52

    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.