PT-2023-15701 · Unknown · Sunlogin Sunflower Simplified

Daffainfose

Publicado

2023-02-13

Atualizado

2025-10-18

CVE-2022-48323

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) version 1.0.1.43315

Description Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) version 1.0.1.43315 is susceptible to a path traversal issue. A remote, unauthenticated attacker can execute arbitrary programs on a victim host by sending a specially crafted HTTP request. The attack involves using the /check API endpoint with the cmd parameter set to ping../ followed by the path to a program, such as powershell.exe. This allows for traversal outside the intended directory and execution of commands on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2022-48323

Produtos afetados

Sunlogin Sunflower Simplified

PT-2023-15701 · Unknown · Sunlogin Sunflower Simplified

CVE-2022-48323

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9