CVE-2022-50900

Sažetak

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Reference

https://www.exploit-db.com/exploits/50813
https://www.vulncheck.com/advisories/wondershare-drfone-wondershare-installassist-unquoted-service-path
https://www.wondershare.com/

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

28-01-2026 - 19:59

Objavljeno

13-01-2026 - 23:15