Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-428 (未经引用的搜索路径或元素) — Vulnerability Class 296

296 vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素). AI Chinese analysis included.

CWE-428 represents a critical input validation weakness where software constructs search paths containing unquoted elements with whitespace or separators. This flaw typically enables privilege escalation attacks, as attackers can exploit the ambiguous parsing by placing malicious executables in parent directories, such as creating a file named "Program.exe" within a system folder. When a privileged process executes a command like WinExec without proper quoting, it may inadvertently run the attacker-controlled file instead of the intended target. Developers prevent this vulnerability by strictly enforcing quoted strings around all path elements in command-line arguments. Additionally, implementing strict input validation and avoiding dynamic path construction from untrusted sources ensures that the operating system correctly interprets the intended file location, thereby neutralizing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityExecute Unauthorized Code or Commands
Mitigations (3)
ImplementationProperly quote the full search path before executing a program on the system.
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
ImplementationInputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2023-42486 Fortect - CWE-428: Unquoted Search Path or Element — Fortect 6.3 Medium2023-09-27
CVE-2023-5012 Topaz OFD Protection Module Warsaw core.exe unquoted search path — OFD 5.3 Medium2023-09-16
CVE-2023-4991 NextBX QWAlerter QWAlerter.exe unquoted search path — QWAlerter 7.8 High2023-09-15
CVE-2023-2685 Unquoted Service Path in ABB AO-OPC — AO-OPC 7.2 High2023-07-28
CVE-2023-3842 Pointware EasyInventory Easy2W.exe unquoted search path — EasyInventory 7.8 High2023-07-23
CVE-2023-3438 Trellix MOVE 代码问题漏洞 — Trellix Move 4.4 Medium2023-07-03
CVE-2022-0357 Improper Quoting Path Issue in Bitdefender Total Security — Total Security 6.7 Medium2023-05-24
CVE-2023-2644 DigitalPersona FPSensor DpHost.exe unquoted search path — FPSensor 5.3 Medium2023-05-11
CVE-2023-2417 ks-soft Advanced Host Monitor rma_active.exe unquoted search path — Advanced Host Monitor 5.3 Medium2023-04-29
CVE-2023-2331 Bypassing hardening via Unquoted Service path vulnerability — Surelock Windows 7.8 High2023-04-27
CVE-2023-24575 Dell Multifunction Printer E525w 安全漏洞 — Dell Multifunction Printer E525w Driver and Software Suite 7.8 High2023-02-21
CVE-2023-0887 phjounin TFTPD64-SE tftpd64_svc.exe unquoted search path — TFTPD64-SE 7.0 High2023-02-17
CVE-2022-4258 Hima: Unquoted path vulnerabilities in HIMA PC based Software — HOPCS 7.8 High2023-01-16
CVE-2022-4429 Avira Security for Windows - Denial of Service — Avira Security for Windows 5.3 Medium2023-01-10
CVE-2022-33920 Dell GeoDrive 代码问题漏洞 — GeoDrive 7.8 High2022-10-12
CVE-2022-35292 SAP Business One 代码问题漏洞 — SAP Business One 7.3 -2022-09-13
CVE-2016-15003 FileZilla Client Installer uninstall.exe unquoted search path — Client 6.3 Medium2022-07-18
CVE-2022-31591 SAP BusinessObjects BW Publisher Service 代码问题漏洞 — SAP BusinessObjects (BW Publisher Service) 7.8 -2022-07-12
CVE-2022-2147 Unquoted Service Path in Cloudflare WARP for Windows — WARP 6.5 Medium2022-06-23
CVE-2022-31590 SAP PowerDesigner 代码问题漏洞 — SAP PowerDesigner Proxy 16.7 7.8 -2022-06-14
CVE-2022-0883 Windows Unquoted/Trusted Service Paths — Snow License Manager 7.3 High2022-05-18
CVE-2020-14521 Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element — C Controller Interface Module Utility 8.3 High2022-02-11
CVE-2021-45460 Siemens Sicam Pq Analyzer 代码问题漏洞 — SICAM PQ Analyzer 7.8 -2022-01-11
CVE-2021-23197 Gallagher Command Centre Server 代码问题漏洞 — Command Centre 5.2 Medium2021-11-18
CVE-2021-35231 Unquoted Path (SMB Login) Vulnerability — Kiwi Syslog Server 6.7 Medium2021-10-25
CVE-2021-23879 Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and ... — Endpoint Product Removal Tool 6.7 Medium2021-03-15
CVE-2020-35152 Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows — Cloudflare WARP for Windows 4.5 Medium2021-02-02
CVE-2021-21292 Unquoted Windows binary path in Traccar — traccar 5.5 Medium2021-02-02
CVE-2020-5147 Sonicwall SonicWall NetExtender Windows client 代码问题漏洞 — SonicWall NetExtender 7.8 -2021-01-09
CVE-2020-28209 Schneider Electric EcoStruxure Building Operation Enterprise Server 代码问题漏洞 — EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 7.0 -2020-11-19

Vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.