Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-428 (未经引用的搜索路径或元素) — Vulnerability Class 296

296 vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素). AI Chinese analysis included.

CWE-428 represents a critical input validation weakness where software constructs search paths containing unquoted elements with whitespace or separators. This flaw typically enables privilege escalation attacks, as attackers can exploit the ambiguous parsing by placing malicious executables in parent directories, such as creating a file named "Program.exe" within a system folder. When a privileged process executes a command like WinExec without proper quoting, it may inadvertently run the attacker-controlled file instead of the intended target. Developers prevent this vulnerability by strictly enforcing quoted strings around all path elements in command-line arguments. Additionally, implementing strict input validation and avoiding dynamic path construction from untrusted sources ensures that the operating system correctly interprets the intended file location, thereby neutralizing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityExecute Unauthorized Code or Commands
Mitigations (3)
ImplementationProperly quote the full search path before executing a program on the system.
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
ImplementationInputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2025-36384 IBM Db2 Privilege Escalation — Db2 for Linux, UNIX and Windows 8.4 High2026-01-30
CVE-2020-37060 Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path — Atomic Alarm Clock x86 7.8 High2026-01-30
CVE-2020-37059 Popcorn Time 6.2 - 'Update service' Unquoted Service Path — Popcorn Time 7.8 High2026-01-30
CVE-2020-37058 Andrea ST Filters Service 1.0.64.7 - Unquoted service path — Andrea ST Filters Service 7.8 High2026-01-30
CVE-2020-37030 Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path — Outline Service 7.8 High2026-01-30
CVE-2020-37021 Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path — Bandwidth Monitor 7.8 High2026-01-29
CVE-2020-37020 SonarQube 8.3.1 - Unquoted Service Path — SonarQube 7.8 High2026-01-29
CVE-2020-37016 BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path — BarcodeOCR 7.8 High2026-01-29
CVE-2020-37017 CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path — CodeMeter 7.8 High2026-01-29
CVE-2020-36991 ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path — ShareMouse 7.8 High2026-01-28
CVE-2020-36992 Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path — nordvpn 7.8 High2026-01-28
CVE-2020-36990 Input Director 1.4.3 - 'Input Director' Unquoted Service Path — Input Director 7.8 High2026-01-28
CVE-2020-36989 ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path — ForensiTAppxService 7.8 High2026-01-28
CVE-2020-36987 Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path — Program Access Controller 7.8 High2026-01-28
CVE-2020-36986 Prey 1.9.6 - "CronService" Unquoted Service Path — Prey 7.8 High2026-01-28
CVE-2020-36984 EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path — EPSON 7.8 High2026-01-28
CVE-2020-36985 IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path — IP Watcher 7.8 High2026-01-28
CVE-2020-36983 Quick 'n Easy FTP Service 3.2 - Unquoted Service Path — Quick 'n Easy FTP Service 7.8 High2026-01-27
CVE-2020-36982 Motorola Device Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path — Motorola Device Manager 7.8 High2026-01-27
CVE-2020-36981 Motorola Device Manager 2.4.5 - 'ForwardDaemon.exe ' Unquoted Service Path — Motorola Device Manager 7.8 High2026-01-27
CVE-2020-36980 SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path — SAntivirus IC 7.8 High2026-01-27
CVE-2020-36979 Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path — Coex Service Application 7.8 High2026-01-27
CVE-2020-36977 Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path — Wondershare Driver Install Service help 7.8 High2026-01-27
CVE-2020-36976 Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path — Global Registration Service 7.8 High2026-01-27
CVE-2020-36975 EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path — Status Monitor 3 7.8 High2026-01-27
CVE-2020-36974 Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path — Realtek Andrea RT Filters 7.8 High2026-01-27
CVE-2020-36959 IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path — IDT PC Audio 7.8 High2026-01-26
CVE-2020-36958 Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path — Kite 7.8 High2026-01-26
CVE-2020-36957 PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path — PDF Complete 7.8 High2026-01-26
CVE-2020-36953 MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path — MiniTool ShadowMaker 7.8 High2026-01-26

Vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.