CVEbaza.plSłownik CWECWE-428
Common Weakness Enumeration

CWE-428

Unquoted Search Path or Element

Kategoria: BaseCVE: 506
Opis

Produkt wykorzystuje ścieżkę wyszukiwania zawierającą niecytowany element, który zawiera białe znaki lub inne separatory. Może to spowodować dostęp produktu do zasobów znajdujących się w ścieżce nadrzędnej.

Description (EN)

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Podatności CVE z CWE-428 (506)
9.8
CVSS
CRITICAL
CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

pub. 2023-07-20
9.8
CVSS
CRITICAL
CVE-2022-36344

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

pub. 2022-08-16
9.8
CVSS
CRITICAL
CVE-2020-9292

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

pub. 2020-06-04
9.8
CVSS
CRITICAL
CVE-2019-17658

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.

pub. 2020-03-12
9.8
CVSS
CRITICAL
CVE-2019-8459

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

pub. 2019-06-20
9.2
CVSS
CRITICAL
CVE-2025-8070

Podatność typu unquoted ImagePath w konfiguracji usług Windows dla produktów ABP i AES firmy ASUSTOR umożliwia lokalnemu atakującemu wykonanie dowolnego kodu. W przypadku usług działających z podwyższonymi uprawnieniami eksploatacja prowadzi do privilege escalation do poziomu SYSTEM.

pub. 2025-07-23
9.1
CVSS
CRITICAL
CVE-2024-24722

Podatność typu unquoted service path w komponentach 12d Synergy Server oraz File Replication Server umożliwia nieuwierzytelnionemu atakującemu zdalne uzyskanie podwyższonych uprawnień. Ze względu na brak konieczności uwierzytelnienia i sieciowy wektor ataku, zagrożenie jest oceniane jako krytyczne.

pub. 2024-02-19
8.8
CVSS
HIGH
CVE-2025-12507

The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.

pub. 2025-10-31
8.8
CVSS
HIGH
CVE-2023-27298

Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

pub. 2023-05-10
8.8
CVSS
HIGH
CVE-2020-27644

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.

pub. 2020-12-29
8.8
CVSS
HIGH
CVE-2020-27645

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.

pub. 2020-12-29
8.8
CVSS
HIGH
CVE-2016-5793

Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

pub. 2016-09-24
8.7
CVSS
HIGH
CVE-2024-58288

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

pub. 2025-12-11
8.6
CVSS
HIGH
CVE-2023-53965

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

pub. 2025-12-22
8.5
CVSS
HIGH
CVE-2016-20085

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.

pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20086

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.

pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.

pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20088

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20089

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.

pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20090

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.

pub. 2026-06-19
Pokazano 20 z 506 podatności
Informacje
ID: CWE-428
Typ: Base
Podatności: 506
MITRE CWE ↗
← Słownik CWE