■ ■ ■ ■ ■ ■
pocs/afrog-pocs/f-CNVD/2022/CNVD-2022-10270.yaml
| 1 | 1 | | id: CNVD-2022-10270 |
| 2 | 2 | | |
| 3 | 3 | | info: |
| 4 | | - | name: Sunflower Simple and Personal - Remote Code Execution |
| 5 | | - | author: daffainfo |
| | 4 | + | name: 向日葵 check 远程命令执行漏洞 |
| | 5 | + | author: zan8in |
| 6 | 6 | | severity: critical |
| 7 | 7 | | description: | |
| 8 | | - | Sunflower Simple and Personal is susceptible to a remote code execution vulnerability. |
| | 8 | + | 向日葵通过发送特定的请求获取CID后,可调用 check接口实现远程命令执行,导致服务器权限被获取 |
| 9 | 9 | | body="Verification failure" |
| 10 | 10 | | reference: |
| 11 | | - | - https://www.1024sou.com/article/741374.html |
| 12 | | - | - https://copyfuture.com/blogs-details/202202192249158884 |
| 13 | | - | - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270 |
| 14 | | - | - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672 |
| | 11 | + | - http://wiki.peiqi.tech/wiki/serverapp/%E5%90%91%E6%97%A5%E8%91%B5/%E5%90%91%E6%97%A5%E8%91%B5%20check%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CNVD-2022-10270.html |
| 15 | 12 | | |
| 16 | 13 | | rules: |
| 17 | 14 | | r0: |
| skipped 15 lines |
