PT-2023-15701 · Unknown · Sunlogin Sunflower Simplified

Daffainfose

Published

2023-02-13

Updated

2025-10-18

CVE-2022-48323

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) version 1.0.1.43315

Description Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) version 1.0.1.43315 is susceptible to a path traversal issue. A remote, unauthenticated attacker can execute arbitrary programs on a victim host by sending a specially crafted HTTP request. The attack involves using the /check API endpoint with the cmd parameter set to ping../ followed by the path to a program, such as powershell.exe. This allows for traversal outside the intended directory and execution of commands on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-48323

Affected Products

Sunlogin Sunflower Simplified

PT-2023-15701 · Unknown · Sunlogin Sunflower Simplified

CVE-2022-48323

Weakness Enumeration

Related Identifiers

Affected Products

References · 9