CVE-2024-11305

MEDIUM EXPLOITED NUCLEI

Altenergy Power Control Software <20241108 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2024-11305 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including iSee857. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a functional exploit for CVE-2024-11305, demonstrating SQL injection in Altenergy software. The PoC sends a crafted payload to the '/index.php/display/status_zigbee' endpoint and checks for a specific response pattern to confirm vulnerability.

Description

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. Manipulation of the argument date leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

GitHub · WORKING POC · 40 stars
by iSee857 · python · poc
https://github.com/iSee857/CVE-PoC/tree/main/Altenergy(CVE-2024-11305).py


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Altenergy (specific version not specified)
No auth needed
Prerequisites: Network access to the target endpoint
devstral-2 · analyzed Feb 27, 2026

Nuclei Templates (1)

Altenergy Power Control Software - SQL Injection
MEDIUM · by s4e-io
Shodan: http.title:"altenergy power control software"
FOFA: title="altenergy power control software"

References (4)

Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.284914
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.284914
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.439800

Scores

CVSS v3: 6.3
EPSS: 0.0372
EPSS Percentile: 88.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

VulnCheck KEV: 2024-12-24
CWE: CWE-74, CWE-89
Status: published
Products (1): Altenergy/Power Control Software 20241108
Published: Nov 18, 2024
Tracked Since: Feb 18, 2026