SMA Sunny Portal Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in SMA Sunny Portal versions prior to 19.12.2024. This vulnerability allows an unauthenticated remote attacker to upload an .aspx file instead of a PV system picture through the demo account. The uploaded code can then be executed, but only in the security context of the user.
Impact
Exploitation of this vulnerability allows for remote code execution on the server, with the executed code running in the context of the user.
Remediation
The vulnerability has been addressed, and no action is required. Users should ensure they are using a version of Sunny Portal released after December 19, 2024.
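For anyone reviewing a similar picture-upload feature, the server-side check whose absence lets an .aspx file through in place of a picture can be sketched as follows. This is an added example, not SMA's code or fix: it is written in Python for brevity, and the function names, allowed types, size limit and sample inputs are assumptions.

```python
import os
import secrets

# Allowlisted picture types: extension -> accepted leading magic bytes (assumed policy).
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed upload size limit

# Constructed sample inputs (not captured from any real system).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_ASPX = b'<%@ Page Language="C#" %>'


class UploadRejected(ValueError):
    """Raised when an upload is not an acceptable picture."""


def validate_picture_upload(client_filename: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    # Drop any client-supplied directory part; handle both separators.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "x.aspx." is stored as "x.aspx".
    name = name.rstrip(". ").lower()
    if "\x00" in name or ":" in name:  # NUL truncation, NTFS alternate data streams
        raise UploadRejected("illegal character in file name")
    ext = os.path.splitext(name)[1]  # last extension decides: "a.png.aspx" -> ".aspx"
    if ext not in IMAGE_SIGNATURES:
        raise UploadRejected(f"extension {ext!r} is not an allowed picture type")
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    if not data.startswith(IMAGE_SIGNATURES[ext]):
        raise UploadRejected("content does not match the declared picture type")
    # Never reuse the client name on disk; keep only the vetted extension.
    return secrets.token_hex(16) + ext


def is_accepted(client_filename: str, data: bytes) -> bool:
    """Convenience wrapper: True if the upload passes validation."""
    try:
        validate_picture_upload(client_filename, data)
        return True
    except UploadRejected:
        return False
```

A magic-byte check does not stop image/script polyglots on its own, so the upload directory should also be stored outside the web root or configured so that the server never executes files from it.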
