CWE-428
AllowedUnquoted Search Path or Element
Abstraction: Base · Status: Draft
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
761 vulnerabilities reference this CWE, most recent first.
GHSA-PX83-MV29-QM8Q
Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:00An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
{
"affected": [],
"aliases": [
"CVE-2021-43456"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-04T15:15:00Z",
"severity": "HIGH"
},
"details": "An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.",
"id": "GHSA-px83-mv29-qm8q",
"modified": "2022-04-12T00:00:56Z",
"published": "2022-04-05T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43456"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192729"
},
{
"type": "WEB",
"url": "https://github.com/M507/Miner"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/49203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX86-67MP-QR95
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2023-03-01 21:30An unquoted service path vulnerability is reported to affect the service ?QVssService? in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.
{
"affected": [],
"aliases": [
"CVE-2019-7201"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-04T17:16:00Z",
"severity": "HIGH"
},
"details": "An unquoted service path vulnerability is reported to affect the service ?QVssService? in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.",
"id": "GHSA-px86-67mp-qr95",
"modified": "2023-03-01T21:30:20Z",
"published": "2022-05-24T17:02:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7201"
},
{
"type": "WEB",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201912-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2HV-QV75-G6VG
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2024-04-04 02:46A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
{
"affected": [],
"aliases": [
"CVE-2019-20357"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-18T00:15:00Z",
"severity": "HIGH"
},
"details": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.",
"id": "GHSA-q2hv-qv75-g6vg",
"modified": "2024-04-04T02:46:35Z",
"published": "2022-05-24T17:06:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20357"
},
{
"type": "WEB",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/28"
},
{
"type": "WEB",
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q438-W288-P457
Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-02-11 15:30Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
{
"affected": [],
"aliases": [
"CVE-2019-25308"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T15:16:09Z",
"severity": "HIGH"
},
"details": "Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.",
"id": "GHSA-q438-w288-p457",
"modified": "2026-02-11T15:30:27Z",
"published": "2026-02-11T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25308"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47510"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/mikogo-mikogo-service-unquoted-service-path"
},
{
"type": "WEB",
"url": "http://html.tucows.com/preview/518015/Mikogo?q=remote+support"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q4VR-QFHC-8WP3
Vulnerability from github – Published: 2025-11-11 09:30 – Updated: 2025-11-11 09:30AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer.
{
"affected": [],
"aliases": [
"CVE-2025-10714"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T08:15:33Z",
"severity": "HIGH"
},
"details": "AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into\u00a0the installation path of AXIS Optimizer.",
"id": "GHSA-q4vr-qfhc-8wp3",
"modified": "2025-11-11T09:30:30Z",
"published": "2025-11-11T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10714"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/a2/c7/8c/cve-2025-10714pdf-en-US-504221.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q55H-FQRF-Q889
Vulnerability from github – Published: 2022-05-14 02:21 – Updated: 2022-05-14 02:21Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.
{
"affected": [],
"aliases": [
"CVE-2018-11063"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-10T20:29:00Z",
"severity": "HIGH"
},
"details": "Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.",
"id": "GHSA-q55h-fqrf-q889",
"modified": "2022-05-14T02:21:24Z",
"published": "2022-05-14T02:21:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11063"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/article/us/en/19/sln313398/dell-wyse-management-suite-multiple-unquoted-service-path-vulnerabilities?lang=en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q6RM-5G26-W39W
Vulnerability from github – Published: 2026-05-16 18:31 – Updated: 2026-05-16 18:31Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.
{
"affected": [],
"aliases": [
"CVE-2020-37232"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-16T16:16:19Z",
"severity": "HIGH"
},
"details": "Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.",
"id": "GHSA-q6rm-5g26-w39w",
"modified": "2026-05-16T18:31:36Z",
"published": "2026-05-16T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37232"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/49049"
},
{
"type": "WEB",
"url": "https://www.iobit.com"
},
{
"type": "WEB",
"url": "https://www.iobit.com/es/advancedsystemcarepro.php"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/advanced-system-care-service-unquoted-service-path-privilege-escalation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q7RH-W25V-MPJ8
Vulnerability from github – Published: 2024-01-08 21:30 – Updated: 2024-01-08 21:30PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
{
"affected": [],
"aliases": [
"CVE-2023-6631"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-08T19:15:10Z",
"severity": "HIGH"
},
"details": "PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.\n\n\n\n\n\n",
"id": "GHSA-q7rh-w25v-mpj8",
"modified": "2024-01-08T21:30:33Z",
"published": "2024-01-08T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6631"
},
{
"type": "WEB",
"url": "https://subnet.com/contact"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q99P-4XCR-JC8R
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.
{
"affected": [],
"aliases": [
"CVE-2021-27608"
],
"database_specific": {
"cwe_ids": [
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-14T15:15:00Z",
"severity": "HIGH"
},
"details": "An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.",
"id": "GHSA-q99p-4xcr-jc8r",
"modified": "2022-05-24T17:47:36Z",
"published": "2022-05-24T17:47:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27608"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3039649"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q9GX-P594-4CW3
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.
{
"affected": [],
"aliases": [
"CVE-2017-13993"
],
"database_specific": {
"cwe_ids": [
"CWE-427",
"CWE-428"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-05T01:29:00Z",
"severity": "HIGH"
},
"details": "An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.",
"id": "GHSA-q9gx-p594-4cw3",
"modified": "2022-05-13T01:37:42Z",
"published": "2022-05-13T01:37:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13993"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100659"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Properly quote the full search path before executing a program on the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.