CVE-2024-11305 | Altenergy Power Control Software up to 20241108 status_zigbee get_status_zigbee date sql injection

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection.

This vulnerability was named CVE-2024-11305. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11305 | Altenergy Power Control Software up to 20241108 status_zigbee get_status_zigbee date sql injection

Related Posts

CVE-2023-52631 | Linux Kernel up to 5.15.148/6.1.77/6.6.16/6.7.4 ntfs3 ntfs_load_attr_list null pointer dereference

CVE-2023-46348 | SunnyToo sturls up to 1.1.12 on PrestaShop getInstanceId sql injection

CVE-2024-37883 | Nextcloud Deck App up to 1.12.0 Deck Board access control

CVE-2024-43365 | Cacti up to 1.2.27 HTTP POST Request links.php consolenewsection cross site scripting (GHSA-49f2-hwx9-qffr)