Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Mar 5, 2026

Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path

CVE-2022-50900

Description

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Affected products

Wondershare/Wondershare Dr.fonellm-fuzzy2 versions
=12.0.18+ 1 more
- (no CPE)range: =12.0.18
- (no CPE)range: 12.0.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50813mitreexploit
www.vulncheck.com/advisories/wondershare-drfone-wondershare-installassist-unquoted-service-pathmitrethird-party-advisory
www.wondershare.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000