VYPR

CWE-428

Unquoted Search Path or Element

BaseDraft

Description

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (233)

page 7 of 12
  • CVE-2021-47890HigJan 23, 2026
    risk 0.51cvss 7.8epss 0.00

    LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access…

  • CVE-2021-47889HigJan 23, 2026
    risk 0.51cvss 7.8epss 0.00

    Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros…

  • CVE-2021-47887HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject…

  • CVE-2021-47886HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious…

  • CVE-2021-47884HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.ex…

  • CVE-2021-47883HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem…

  • CVE-2021-47882HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem…

  • CVE-2021-47880HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that…

  • CVE-2021-47879HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus…

  • CVE-2021-47878HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code…

  • CVE-2021-47874HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched…

  • CVE-2021-47869HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\…

  • CVE-2021-47868HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files \WINPAKPRO\WPCommandFileService Service.exe…

  • CVE-2021-47867HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe'…

  • CVE-2021-47866HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files \WINPAKPRO\WP GuardTour Service.exe to…

  • CVE-2021-47864HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path,…

  • CVE-2021-47863HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables…

  • CVE-2021-47862HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with…

  • CVE-2021-47861HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system…

  • CVE-2021-47859HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious…