Unknown · Sunlogin Sunflower Simplified · CVE-2022-48323
**Name of the Vulnerable Software and Affected Versions**
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) version 1.0.1.43315
**Description**
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) version 1.0.1.43315 is susceptible to a path traversal issue. A remote, unauthenticated attacker can execute arbitrary programs on a victim host by sending a specially crafted HTTP request. The attack involves using the `/check` API endpoint with the `cmd` parameter set to `ping../` followed by the path to a program, such as `powershell.exe`. This allows for traversal outside the intended directory and execution of commands on the system.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
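
With no fixed version known, defenders can look for the request shape described above in HTTP logs or proxy traffic. The following Python is an added example, not code from the vendor or the advisory; the request-line format, the sample requests and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample request lines for illustration; not real traffic.
SAMPLE_REQUESTS = [
    "GET /check?cmd=ping..%2FPLACEHOLDER.exe HTTP/1.1",           # encoded "/"
    "GET /check?cmd=ping..%252F..%252FPLACEHOLDER.exe HTTP/1.1",  # double-encoded
    "GET /check?cmd=ping..%5CPLACEHOLDER.exe HTTP/1.1",           # backslash form
    "GET /check?cmd=ping+127.0.0.1 HTTP/1.1",                     # assumed benign use
    "GET /status?cmd=ping../x HTTP/1.1",                          # different endpoint
]

# A ".." directly followed by a path separator, after normalisation.
TRAVERSAL = re.compile(r"\.\.[/\\]")


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(request_line):
    """True if the request targets /check with a traversal sequence in cmd."""
    parts = request_line.split()
    if len(parts) < 2:
        return False  # malformed line, nothing to inspect
    target = urlsplit(parts[1])
    path = fully_decode(target.path).rstrip("/").lower()
    if path != "/check":
        return False
    # parse_qs decodes once; fully_decode handles any remaining layers.
    values = parse_qs(target.query, keep_blank_values=True).get("cmd", [])
    return any(TRAVERSAL.search(fully_decode(v)) for v in values)


def flag_requests(lines):
    """Return the subset of request lines that match the pattern."""
    return [line for line in lines if is_suspicious(line)]


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_REQUESTS):
        print("ALERT:", hit)
```

The same check can be applied as a blocking rule on a reverse proxy or host firewall in front of the service, which also limits who can reach the `/check` endpoint at all.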