Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-428 (未经引用的搜索路径或元素) — Vulnerability Class 296

296 vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素). AI Chinese analysis included.

CWE-428 represents a critical input validation weakness where software constructs search paths containing unquoted elements with whitespace or separators. This flaw typically enables privilege escalation attacks, as attackers can exploit the ambiguous parsing by placing malicious executables in parent directories, such as creating a file named "Program.exe" within a system folder. When a privileged process executes a command like WinExec without proper quoting, it may inadvertently run the attacker-controlled file instead of the intended target. Developers prevent this vulnerability by strictly enforcing quoted strings around all path elements in command-line arguments. Additionally, implementing strict input validation and avoiding dynamic path construction from untrusted sources ensures that the operating system correctly interprets the intended file location, thereby neutralizing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityExecute Unauthorized Code or Commands
Mitigations (3)
ImplementationProperly quote the full search path before executing a program on the system.
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
ImplementationInputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2022-50935 FLAME II MODEM USB - Unquoted Service Path — FLAME II MODEM USB 9.8 Critical2026-01-13
CVE-2022-50933 Cain & Abel 4.9.56 - Unquoted Service Path — Cain & Abel 7.8 High2026-01-13
CVE-2022-50930 Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path — Emerson PAC Machine Edition 8.4 High2026-01-13
CVE-2022-50929 Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path — Connectify Hotspot 8.4 High2026-01-13
CVE-2022-50928 Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path — Bluetooth Application BlueSoleilCS 7.8 High2026-01-13
CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path — Private Internet Access 8.4 High2026-01-13
CVE-2022-50923 Cobian Backup 0.9 - Unquoted Service Path — Cobian Backup 7.8 High2026-01-13
CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path — Sandboxie Plus 8.4 High2026-01-13
CVE-2022-50921 WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path — WOW21 7.8 High2026-01-13
CVE-2022-50918 VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path — VIVE Runtime Service 8.4 High2026-01-13
CVE-2022-50917 ProtonVPN 1.26.0 - Unquoted Service Path — ProtonVPN 7.8 High2026-01-13
CVE-2022-50915 PTPublisher 2.3.4 - Unquoted Service Path — PTPublisher 7.8 High2026-01-13
CVE-2022-50914 EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path — EaseUS Data Recovery 8.4 High2026-01-13
CVE-2022-50913 TCQ - 'ITeCProteccioAppServer.exe' Unquoted Service Path — TCQ 8.4 High2026-01-13
CVE-2022-50904 Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path — Wondershare UBackit 8.4 High2026-01-13
CVE-2022-50903 Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path — Wondershare MobileTrans 8.4 High2026-01-13
CVE-2022-50900 Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path — Wondershare Dr.Fone 8.4 High2026-01-13
CVE-2022-50901 Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path — Wondershare Dr.Fone 8.4 High2026-01-13
CVE-2022-50693 Splashtop 8.71.12001.0 - Unquoted Service Path — Splashtop 8.4 High2026-01-13
CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation — devolo dLAN Cockpit 8.4 High2026-01-07
CVE-2020-36903 Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path — Selea CarPlateServer (CPS) 8.4 High2025-12-31
CVE-2024-58315 Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path — Tosibox Key Service 7.8 High2025-12-30
CVE-2025-59888 Eaton UPS Companion 安全漏洞 — UPS Companion software 6.7 Medium2025-12-26
CVE-2021-47739 Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation via Unquoted Service Path — Easy Anti-Cheat 8.4 High2025-12-23
CVE-2023-53965 SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path — SOUND4 Server Service 8.4 High2025-12-22
CVE-2022-50688 Cobian Backup Gravity 11.2.0.582 Unquoted Service Path Privilege Escalation — Cobian Backup Gravity 8.4 High2025-12-22
CVE-2025-14018 Unquoted Service Path in NetBT Consultancy's e-Fatura — e-Fatura 7.3 High2025-12-22
CVE-2023-53954 ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability — ActFax 6.2 Medium2025-12-19
CVE-2023-53946 Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation — PhotoStudio 8.4 High2025-12-19
CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation — OCS Inventory NG 8.4 High2025-12-19

Vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.