Common Weakness Enumeration

CWE-428

Allowed

Unquoted Search Path or Element

Abstraction: Base · Status: Draft

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

761 vulnerabilities reference this CWE, most recent first.

GHSA-GMGR-4MX6-9F7M

Vulnerability from github – Published: 2026-04-04 15:30 – Updated: 2026-04-04 15:30
VLAI
Details

Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-20058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-04T14:16:18Z",
    "severity": "HIGH"
  },
  "details": "Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.",
  "id": "GHSA-gmgr-4mx6-9f7m",
  "modified": "2026-04-04T15:30:20Z",
  "published": "2026-04-04T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20058"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40540"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "http://www.netgate.sk"
    },
    {
      "type": "WEB",
      "url": "http://www.netgate.sk/download/download.php?id=11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GRQQ-HCC7-CRMR

Vulnerability from github – Published: 2024-10-22 18:32 – Updated: 2025-11-04 00:31
VLAI
Details

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428",
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-22T17:15:06Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.",
  "id": "GHSA-grqq-hcc7-crmr",
  "modified": "2025-11-04T00:31:47Z",
  "published": "2024-10-22T18:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9287"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/124651"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/124712"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250425-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GVJR-X44C-P2VX

Vulnerability from github – Published: 2026-02-01 15:32 – Updated: 2026-02-01 15:32
VLAI
Details

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-37061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-01T15:16:04Z",
    "severity": "HIGH"
  },
  "details": "BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.",
  "id": "GHSA-gvjr-x44c-p2vx",
  "modified": "2026-02-01T15:32:31Z",
  "published": "2026-02-01T15:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37061"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/48078"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/bootp-turbo-bootp-turbo-unquoted-service-path"
    },
    {
      "type": "WEB",
      "url": "https://www.weird-solutions.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GW48-MF2P-74MV

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
VLAI
Details

A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS 7 (All versions), SIMATIC PCS neo (All versions), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) V14 (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER commissioning tool (All versions), SINAMICS Startdrive (All versions), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All versions), SINUMERIK Operate (All versions). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7580"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-10T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 \u003c V16 Upd3), SIMATIC PCS 7 (All versions), SIMATIC PCS neo (All versions), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (All versions \u003c V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) V14 (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions), SIMATIC WinCC OA V3.16 (All versions \u003c P018), SIMATIC WinCC OA V3.17 (All versions \u003c P003), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 3), SINAMICS STARTER commissioning tool (All versions), SINAMICS Startdrive (All versions), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All versions), SINUMERIK Operate (All versions). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.",
  "id": "GHSA-gw48-mf2p-74mv",
  "modified": "2022-05-24T17:20:08Z",
  "published": "2022-05-24T17:20:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7580"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX49-6279-2P55

Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:00
VLAI
Details

An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-04T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.",
  "id": "GHSA-gx49-6279-2p55",
  "modified": "2022-04-12T00:00:56Z",
  "published": "2022-04-05T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43455"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197919"
    },
    {
      "type": "WEB",
      "url": "https://github.com/M507/Miner"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49630"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXX5-7X36-J997

Vulnerability from github – Published: 2023-01-10 12:30 – Updated: 2023-01-13 09:30
VLAI
Details

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-10T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78",
  "id": "GHSA-gxx5-7x36-j997",
  "modified": "2023-01-13T09:30:26Z",
  "published": "2023-01-10T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4429"
    },
    {
      "type": "WEB",
      "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H259-67JX-3Q85

Vulnerability from github – Published: 2026-06-19 15:33 – Updated: 2026-06-19 15:33
VLAI
Details

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-19T15:16:34Z",
    "severity": "HIGH"
  },
  "details": "Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.",
  "id": "GHSA-h259-67jx-3q85",
  "modified": "2026-06-19T15:33:19Z",
  "published": "2026-06-19T15:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50971"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50806"
    },
    {
      "type": "WEB",
      "url": "https://www.malwarebytes.com"
    },
    {
      "type": "WEB",
      "url": "https://www.malwarebytes.com/mwb-download"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/malwarebytes-unquoted-service-path-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H59M-8F5F-H863

Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30
VLAI
Details

Windows Setup and Deployment Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T17:15:33Z",
    "severity": "HIGH"
  },
  "details": "Windows Setup and Deployment Elevation of Privilege Vulnerability",
  "id": "GHSA-h59m-8f5f-h863",
  "modified": "2024-09-10T18:30:46Z",
  "published": "2024-09-10T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43457"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5G4-F7PV-2P3R

Vulnerability from github – Published: 2026-01-21 18:30 – Updated: 2026-01-21 18:30
VLAI
Details

VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47874"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-21T18:16:20Z",
    "severity": "HIGH"
  },
  "details": "VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.",
  "id": "GHSA-h5g4-f7pv-2p3r",
  "modified": "2026-01-21T18:30:31Z",
  "published": "2026-01-21T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47874"
    },
    {
      "type": "WEB",
      "url": "https://vfsforgit.org"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49661"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vfs-for-git-gvfsservice-unquoted-service-path"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H6F8-572J-WXRC

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-07T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.",
  "id": "GHSA-h6f8-572j-wxrc",
  "modified": "2022-05-13T01:34:59Z",
  "published": "2022-05-13T01:34:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10619"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44892"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104415"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Properly quote the full search path before executing a program on the system.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.