漏洞描述
向日葵是一款免费的,集远程控制电脑手机、远程桌面连接、远程开机、远程管理、支持内网穿透的一体化远程控制管理工具软件。上海贝锐信息科技股份有限公司向日葵个人版forWindows存在命令执行漏洞,攻击者可利用该漏洞获取服务器控制权。
向日葵个人版for Windows命令执行漏洞(CNVD-2022-10270)
PoC代码
暂无相关漏洞推荐
- Windows PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)
- Windows 11 PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)
- Windows NTLMv2-SSP Hash信息泄露漏洞(CVE-2025-50154)
- POC CVE-2015-1635: Microsoft Windows 'HTTP.sys' - Remote Code Execution
- POC CVE-2017-7269: Windows Server 2003 & IIS 6.0 - Remote Code Execution
- POC CVE-2024-38472: Apache HTTPd Windows UNC - Server-Side Request Forgery
- POC CNVD-2022-10270: 向日葵 check 远程命令执行漏洞
- POC generic-windows-lfi: Generic Windows based LFI Test
- POC automatic-windows-updates-disabled: Automatic Windows Updates Disabled
- POC windows-anonymous-sid-enumeration-allowed: Windows Allows Anonymous SID Enumeration
- POC windows-defender-realtime-protection-disabled: Windows Defender Real-Time Protection Disabled
- POC windows-firewall-disabled: Windows Firewall Disabled
- POC windows-installer-elevated-privileges: Windows Installer Elevated Privileges Enabled