Описание
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
Ссылки
- Technical Description
- ExploitThird Party Advisory
- Third Party Advisory
- Technical Description
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sunlogin:sunflower:1.0.1.43315:*:*:*:simple:*:*:*
EPSS
Процентиль: 100%
0.9017
Критический
9.8 Critical
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
почти 3 года назад
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
EPSS
Процентиль: 100%
0.9017
Критический
9.8 Critical
CVSS3
Дефекты
CWE-22
CWE-22