Common Weakness Enumeration

CWE-428

Allowed

Unquoted Search Path or Element

Abstraction: Base · Status: Draft

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

761 vulnerabilities reference this CWE, most recent first.

CVE-2016-15003 (GCVE-0-2016-15003)

Vulnerability from cvelistv5 – Published: 2022-07-18 08:35 – Updated: 2025-04-15 14:04
VLAI
Title
FileZilla Client Installer uninstall.exe unquoted search path
Summary
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
FileZilla Client Affected: 3.17.0.0
Create a notification for this product.
Credits
Cyril Vallicari
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:47:34.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39803/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://youtu.be/r06VwwJ9J4M"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.97204"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-15003",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T17:05:18.669915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T14:04:41.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Client",
          "vendor": "FileZilla",
          "versions": [
            {
              "status": "affected",
              "version": "3.17.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Cyril Vallicari"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T08:35:11.000Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/39803/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://youtu.be/r06VwwJ9J4M"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vuldb.com/?id.97204"
        }
      ],
      "title": "FileZilla Client Installer uninstall.exe unquoted search path",
      "x_generator": "vuldb.com",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@vuldb.com",
          "ID": "CVE-2016-15003",
          "REQUESTER": "cna@vuldb.com",
          "STATE": "PUBLIC",
          "TITLE": "FileZilla Client Installer uninstall.exe unquoted search path"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Client",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.17.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FileZilla"
              }
            ]
          }
        },
        "credit": "Cyril Vallicari",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            }
          ]
        },
        "generator": "vuldb.com",
        "impact": {
          "cvss": {
            "baseScore": "6.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-428 Unquoted Search Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.exploit-db.com/exploits/39803/",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/39803/"
            },
            {
              "name": "https://youtu.be/r06VwwJ9J4M",
              "refsource": "MISC",
              "url": "https://youtu.be/r06VwwJ9J4M"
            },
            {
              "name": "https://vuldb.com/?id.97204",
              "refsource": "MISC",
              "url": "https://vuldb.com/?id.97204"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2016-15003",
    "datePublished": "2022-07-18T08:35:11.000Z",
    "dateReserved": "2022-07-16T00:00:00.000Z",
    "dateUpdated": "2025-04-15T14:04:41.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0759 (GCVE-0-2014-0759)

Vulnerability from cvelistv5 – Published: 2014-02-28 02:00 – Updated: 2026-05-28 17:32
VLAI
Title
Schneider Electric Floating License Manager Unquoted Search Path or Element
Summary
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Schneider Electric Floating License Manager Affected: V1.0.0 , ≤ V1.4.0 (custom)
Create a notification for this product.
Date Public
2014-02-27 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2014-0759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T17:30:21.642177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T17:32:03.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Floating License Manager",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V1.4.0",
              "status": "affected",
              "version": "V1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2014-02-27T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.\u003c/p\u003e"
            }
          ],
          "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T18:52:00.207Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDeployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\u003c/p\u003e\n\u003cp\u003eSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Deployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\n\n\nSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page"
        }
      ],
      "source": {
        "advisory": "ICSA-14-058-01",
        "discovery": "INTERNAL"
      },
      "title": "Schneider Electric Floating License Manager Unquoted Search Path or Element",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0759",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"
            },
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01",
              "refsource": "CONFIRM",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0759",
    "datePublished": "2014-02-28T02:00:00.000Z",
    "dateReserved": "2014-01-02T00:00:00.000Z",
    "dateUpdated": "2026-05-28T17:32:03.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-229C-7J29-HV97

Vulnerability from github – Published: 2025-12-31 21:30 – Updated: 2025-12-31 21:30
VLAI
Details

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-31T19:15:41Z",
    "severity": "HIGH"
  },
  "details": "Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service\u0027s unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.",
  "id": "GHSA-229c-7j29-hv97",
  "modified": "2025-12-31T21:30:57Z",
  "published": "2025-12-31T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36903"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49453"
    },
    {
      "type": "WEB",
      "url": "https://www.selea.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/selea-carplateserver-local-privilege-escalation-via-unquoted-service-path"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5621.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-24VX-27HC-7H4H

Vulnerability from github – Published: 2024-04-15 12:30 – Updated: 2024-04-15 12:30
VLAI
Details

A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-15T10:15:07Z",
    "severity": "HIGH"
  },
  "details": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n",
  "id": "GHSA-24vx-27hc-7h4h",
  "modified": "2024-04-15T12:30:33Z",
  "published": "2024-04-15T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22437"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbst04630en_us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GR9-GWRG-JC3V

Vulnerability from github – Published: 2026-01-29 15:30 – Updated: 2026-01-29 15:30
VLAI
Details

10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-37021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-29T15:16:09Z",
    "severity": "HIGH"
  },
  "details": "10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.",
  "id": "GHSA-2gr9-gwrg-jc3v",
  "modified": "2026-01-29T15:30:28Z",
  "published": "2026-01-29T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37021"
    },
    {
      "type": "WEB",
      "url": "https://www.10-strike.com"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/48591"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/bandwidth-monitor-svcstrikebandmontitor-unquoted-service-path"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2H5M-6PCF-VJF3

Vulnerability from github – Published: 2026-02-05 00:31 – Updated: 2026-02-05 00:31
VLAI
Details

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-05T00:15:52Z",
    "severity": "HIGH"
  },
  "details": "Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.",
  "id": "GHSA-2h5m-6pcf-vjf3",
  "modified": "2026-02-05T00:31:01Z",
  "published": "2026-02-05T00:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25285"
    },
    {
      "type": "WEB",
      "url": "https://www.alps.com/e"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/47637"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/alps-pointing-device-controller-aphidmonitorservice-unquoted-service-path"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2HMC-82RG-26HV

Vulnerability from github – Published: 2023-10-17 15:30 – Updated: 2024-04-04 08:43
VLAI
Details

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-17T15:15:10Z",
    "severity": "HIGH"
  },
  "details": "An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. \n",
  "id": "GHSA-2hmc-82rg-26hv",
  "modified": "2024-04-04T08:43:34Z",
  "published": "2023-10-17T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37537"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JPM-7MPV-5FJM

Vulnerability from github – Published: 2026-01-14 00:31 – Updated: 2026-01-14 00:31
VLAI
Details

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T23:15:55Z",
    "severity": "HIGH"
  },
  "details": "Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.",
  "id": "GHSA-2jpm-7mpv-5fjm",
  "modified": "2026-01-14T00:31:28Z",
  "published": "2026-01-14T00:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50920"
    },
    {
      "type": "WEB",
      "url": "https://sandboxie-plus.com"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50819"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/sandboxie-plus-service-sbiesvc-unquoted-service-path"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2JPW-MVCX-5WQH

Vulnerability from github – Published: 2026-05-16 18:31 – Updated: 2026-05-16 18:31
VLAI
Details

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-16T16:16:22Z",
    "severity": "HIGH"
  },
  "details": "VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\\Program Files\\VX Search to execute arbitrary code with LocalSystem privileges when services restart.",
  "id": "GHSA-2jpw-mvcx-5wqh",
  "modified": "2026-05-16T18:31:38Z",
  "published": "2026-05-16T18:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47974"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50026"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vx-search-unquoted-service-path-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "https://www.vxsearch.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2JXX-QPJM-MVC4

Vulnerability from github – Published: 2025-11-26 03:30 – Updated: 2025-11-26 03:30
VLAI
Details

The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables live in

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-26T02:15:50Z",
    "severity": "HIGH"
  },
  "details": "The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables live in",
  "id": "GHSA-2jxx-qpjm-mvc4",
  "modified": "2025-11-26T03:30:22Z",
  "published": "2025-11-26T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66269"
    },
    {
      "type": "WEB",
      "url": "https://www.megatec.com.tw/software-download"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Properly quote the full search path before executing a program on the system.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.