
CWE-428 (Unquoted Search Path or Element) — Vulnerability Class 296

296 vulnerabilities classified as CWE-428 (Unquoted Search Path or Element). AI Chinese analysis included.

CWE-428 represents a critical input validation weakness where software constructs search paths containing unquoted elements with whitespace or separators. This flaw typically enables privilege escalation attacks, as attackers can exploit the ambiguous parsing by placing malicious executables in parent directories, such as creating a file named "Program.exe" within a system folder. When a privileged process executes a command like WinExec without proper quoting, it may inadvertently run the attacker-controlled file instead of the intended target. Developers prevent this vulnerability by strictly enforcing quoted strings around all path elements in command-line arguments. Additionally, implementing strict input validation and avoiding dynamic path construction from untrusted sources ensures that the operating system correctly interprets the intended file location, thereby neutralizing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands
Mitigations (3)
Implementation: Properly quote the full search path before executing a program on the system.
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
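
To make the parsing ambiguity concrete, the following added example (not part of the MITRE entry or of this page's original content) lists the paths that are tried before the intended executable when a command line is unquoted, following the documented Windows rule of splitting at each space and appending ".exe", and shows that quoting removes them. The function names, the buffer limits and the ".exe" heuristic for finding the end of the executable path are assumptions of this example; it is portable C and does not call the Windows API.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CAND 8
#define MAX_LEN  260

/* End of the executable part of a command line: just past the first ".exe"
 * (case-insensitive heuristic), or the whole string when there is none. */
static size_t exe_len(const char *cmd) {
    for (size_t i = 0; cmd[i]; i++)
        if (cmd[i] == '.' && (cmd[i + 1] | 0x20) == 'e' &&
            (cmd[i + 2] | 0x20) == 'x' && (cmd[i + 3] | 0x20) == 'e')
            return i + 4;
    return strlen(cmd);
}

/* Collects the paths that are tried before the intended executable when cmd
 * is unquoted. Returns the count; 0 means quoted or no space in the path. */
int unquoted_candidates(const char *cmd, char out[][MAX_LEN], int max) {
    int n = 0;
    while (*cmd == ' ') cmd++;
    if (*cmd == '"') return 0;            /* quoted: parsed as a single path */
    size_t end = exe_len(cmd);
    for (size_t i = 0; i < end && n < max; i++) {
        if (cmd[i] != ' ' || i + 5 > MAX_LEN) continue;
        memcpy(out[n], cmd, i);           /* text before this space ...       */
        strcpy(out[n++] + i, ".exe");     /* ... gets ".exe" (no extension)   */
    }
    return n;
}

/* Mitigation named on the page: quote the full path before executing it. */
int quote_path(const char *path, char *dst, size_t cap) {
    int w = snprintf(dst, cap, "\"%s\"", path);
    return (w > 0 && (size_t)w < cap) ? 0 : -1;
}

int main(void) {
    char c[MAX_CAND][MAX_LEN], q[MAX_LEN + 2];
    const char *bad = "C:\\Program Files\\Foo\\Bar";  /* string from the page */
    int n = unquoted_candidates(bad, c, MAX_CAND);
    for (int i = 0; i < n; i++) printf("tried first: %s\n", c[i]);
    if (quote_path(bad, q, sizeof q) == 0)
        printf("%s -> %d earlier candidates\n", q, unquoted_candidates(q, c, MAX_CAND));
    return 0;
}
```

When auditing a service or launcher configuration, each returned name is a location that should not be creatable by unprivileged users; a count of zero means the stored command line is unambiguous.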
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-4540 | MTSoftware C-Lodop CLodopPrintService unquoted search path — C-Lodop | 7.0 | High | 2025-05-11 |
| CVE-2025-1984 | Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5 — Xerox® Desktop Print Experience | 5.2 | Medium | 2025-03-12 |
| CVE-2025-0884 | Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager. — Service Manager | 7.8 | - | 2025-03-12 |
| CVE-2025-24831 | Acronis Cyber Protect Cloud Agent code issue vulnerability — Acronis Cyber Protect Cloud Agent | 7.8 | - | 2025-01-31 |
| CVE-2025-21107 | Dell NetWorker code issue vulnerability — NetWorker | 7.8 | High | 2025-01-30 |
| CVE-2024-9287 | Virtual environment (venv) activation scripts don't quote paths — CPython | 10.0 AI | Critical AI | 2024-10-22 |
| CVE-2024-9325 | Intelbras InControl incontrol-service-watchdog.exe unquoted search path — InControl | 7.8 | High | 2024-09-29 |
| CVE-2024-8996 | Grafana Agent Flow on Windows Unquoted service path — Agent Flow | 7.3 | High | 2024-09-25 |
| CVE-2024-8975 | Grafana Alloy on Windows Unquoted service path — Alloy | 7.3 | High | 2024-09-25 |
| CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability — Windows 11 Version 24H2 | 7.8 | High | 2024-09-10 |
| CVE-2022-27592 | QVR Smart Client — QVR Smart Client | 6.7 | Medium | 2024-09-06 |
| CVE-2024-5963 | An unquoted executable path exists in Hitachi Device Manager — Hitachi Device Manager | 6.7 | Medium | 2024-08-06 |
| CVE-2024-31201 | Plug and Track Thermoscan IP security vulnerability — Thermoscan IP | 6.5 | Medium | 2024-07-31 |
| CVE-2024-5402 | Mint Workbench I Unquoted Service Path Enumeration — Mint Workbench I | 7.8 | High | 2024-07-15 |
| CVE-2024-6080 | Intelbras InControl incontrolWebcam Service unquoted search path — InControl | 7.8 | High | 2024-06-17 |
| CVE-2024-2747 | Schneider Electric Easergy Studio code issue vulnerability — Easergy Studio | 7.8 | High | 2024-06-12 |
| CVE-2024-31226 | Sunshine's unquoted executable path could lead to hijacked execution flow — Sunshine | 4.9 | Medium | 2024-05-16 |
| CVE-2024-3640 | Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables — FactoryTalk® Remote Access™ | 7.2 AI | High AI | 2024-05-16 |
| CVE-2024-4461 | Unquoted path or search item vulnerability in SugarSync — SugarSync | 7.8 | High | 2024-05-03 |
| CVE-2023-39464 | Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability — SCADA Data Gateway | 8.8 | - | 2024-05-03 |
| CVE-2024-34010 | Acronis Cyber Protect code issue vulnerability — Acronis Cyber Protect Cloud Agent | 7.8 AI | High AI | 2024-04-29 |
| CVE-2024-4031 | MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability — MEVO WEBCAM APP | 4.4 | Medium | 2024-04-23 |
| CVE-2024-22437 | HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege — HPE MSA SAN Storage VSS Provider and CAPI Proxy Software | 7.3 | High | 2024-04-15 |
| CVE-2024-1618 | Unquoted item or search path vulnerability in Faronics Deep Freeze Server Standard — Deep Freeze Server Standard | 7.8 | High | 2024-03-12 |
| CVE-2024-25552 | Wiesemann & Theis: Multiple products prone to unquoted search path — Com Redirector PnP | 7.8 | High | 2024-03-01 |
| CVE-2024-1201 | PanteraSoft HDD Health search path or unquoted item vulnerability — HDD Health | 7.8 | High | 2024-02-02 |
| CVE-2020-24682 | Automation Studio and PVI Multiple unquoted service path vulnerabilities — Automation Studio | 7.2 | High | 2024-02-02 |
| CVE-2023-7043 | Unquoted path privilege vulnerability in ESET products for Windows — ESET Endpoint Security | 3.3 | Low | 2024-01-31 |
| CVE-2023-6631 | Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element — PowerSYSTEM Center | 7.8 | High | 2024-01-08 |
| CVE-2023-0392 | Okta LDAP Agent security vulnerability — LDAP Agent | 8.8 AI | High AI | 2023-11-08 |

Vulnerabilities classified as CWE-428 (Unquoted Search Path or Element) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.