Cyber Resilience

CVE-2022-36572

Critical · Public PoC

Published: 29 August 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0312 (87.1th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-36572 is a critical-severity vulnerability, with an unspecified weakness type, in Sinsiu Enterprise Website System. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 12.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Sinsiu Sinsiu Enterprise Website System version 1.1.1.0 contains a remote code execution vulnerability in the component located at /upload/admin.php?/deal/. The flaw received a CVSS 3.1 score of 9.8, reflecting a network-accessible attack vector that requires neither authentication nor user interaction.

An unauthenticated attacker can send crafted requests to the affected endpoint and execute arbitrary code on the underlying server. The result is full system compromise, including the ability to read, modify, or delete data and to install persistent malware.

Public references consist of GitHub repositories that appear to contain proof-of-concept material; no vendor advisories, patches, or official mitigation guidance are referenced in the available sources. The EPSS score rose from a low baseline to a peak of 0.0641 on 2025-12-11 before receding to the current value of 0.0312, indicating that the modelled likelihood of exploitation rose for a period after disclosure.

Vulnerability details

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: sinsiu
Product: enterprise website system
Version: 1.1.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.