CVE-2022-48323

CVSS V2 None CVSS V3 None
Description
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
Overview
  • CVE ID
  • CVE-2022-48323
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-13T05:15:13
  • Last Modified Date
  • 2023-02-24T16:06:27
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sunlogin:sunflower:1.0.1.43315:*:*:*:simple:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2023-04-17 07:36:36 Added to TrackCVE
2023-04-17 07:36:37 Weakness Enumeration new