exploitDog

CVE-2022-50900

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 8.4

CVSS3: 7.8

EPSS Низкий

Описание

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Ссылки

https://www.exploit-db.com/exploits/50813
Exploit
https://www.vulncheck.com/advisories/wondershare-drfone-wondershare-installassist-unquoted-service-path
Third Party Advisory
https://www.wondershare.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wondershare:dr.fone:12.0.18:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-428

Связанные уязвимости

GHSA-cf2j-vp4v-vp5c

CVSS3: 8.4

github

25 дней назад

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

EPSS

Процентиль: 2%

0.00014

Низкий

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-428