CVE-2022-48323
high-risk
Published 2023-02-13
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
Do I need to act?
!
86.9% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Technical Description
https://asec.ahnlab.com/en/47088/
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
Technical Description
https://asec.ahnlab.com/en/47088/
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
20/34 · Moderate
Exposure
5/34 · Minimal