CVE-2022-36572
Published: 29 August 2022
Summary
CVE-2022-36572 is a critical-severity vulnerability of unspecified weakness type in Sinsiu Enterprise Website System. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 12.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Sinsiu Sinsiu Enterprise Website System version 1.1.1.0 contains a remote code execution vulnerability in the component located at /upload/admin.php?/deal/. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible attack vectors that require neither authentication nor user interaction.
An unauthenticated attacker can send crafted requests to the affected endpoint and execute arbitrary code on the underlying server. The result is full system compromise, including the ability to read, modify, or delete data and install persistent malware.
Public references consist of GitHub repositories that appear to contain proof-of-concept material; no vendor advisories, patches, or official mitigation guidance are referenced in the available sources. The EPSS score rose from a low baseline to a peak of 0.0641 on 2025-12-11 before receding to the current value of 0.0312, indicating a measurable increase in EPSS-estimated exploitation likelihood after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-39278
Vulnerability details
Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.