CVE-2022-48323
Published: 13 February 2023
Summary
CVE-2022-48323 is a critical-severity Path Traversal (CWE-22) vulnerability in Sunlogin Sunflower. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Sunlogin Sunflower Simplified, also known as Sunflower Simple and Personal, version 1.0.1.43315 contains a path traversal vulnerability tracked as CVE-2022-48323 and CWE-22. The flaw resides in the handling of HTTP requests to the /check endpoint and carries a CVSS 3.1 score of 9.8, reflecting network-accessible, unauthenticated exploitation with full confidentiality, integrity, and availability impact.
A remote attacker without credentials can send a specially crafted request such as /check?cmd=ping../ followed by an arbitrary executable path to traverse directories and launch any program on the victim host, including powershell.exe. This grants the attacker the ability to execute arbitrary code and fully compromise the affected system.
The EPSS score for the vulnerability currently stands at 0.8688 with a recorded peak of 0.9069, indicating sustained and elevated exploitation interest after public disclosure. Public references include CNVD-2022-03672 and associated detection templates, though no vendor patch or mitigation details are provided in the available data.
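With no vendor patch listed, defenders can hunt for the request shape described above in proxy or network-sensor logs. The following detection sketch is an added example, not code from the vendor or from the referenced detection templates; the log layout, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# "../" or "..\" once all percent-encoding has been removed.
TRAVERSAL = re.compile(r"\.\.[/\\]")
# Assumed log layout (constructed): <source> "<METHOD> <target> HTTP/x.y"
LOG_LINE = re.compile(r'^(\S+) "\S+ (\S+) HTTP/[\d.]+"$')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %255c) so hidden separators surface."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(request_target):
    """True when a /check request carries a cmd value with a traversal sequence."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/").lower() != "/check":
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "cmd" and TRAVERSAL.search(fully_decode(value)):
            return True
    return False

def flag_lines(lines):
    """Return (source, target) pairs for log lines that match the pattern."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and is_suspicious(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample lines; addresses and file names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 "GET /check?cmd=ping..%2Fplaceholder.exe HTTP/1.1"',
    '192.0.2.10 "GET /check?cmd=ping..%255cplaceholder.exe HTTP/1.1"',
    '192.0.2.11 "GET /check?cmd=ping%20example.test HTTP/1.1"',
    '192.0.2.12 "GET /index.html?cmd=..%2Fx HTTP/1.1"',
]

if __name__ == "__main__":
    for source, target in flag_lines(SAMPLE_LOG):
        print(f"ALERT {source} {target}")
```

Decoding repeatedly before matching means single- and double-encoded separators are caught by the same rule.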
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51023
Vulnerability details
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.