8.5
CVE-2020-37254
- EPSS 0.12%
- Veröffentlicht 19.06.2026 14:16:52
- Zuletzt bearbeitet 23.06.2026 20:16:46
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Wondershare PDFelement 5.2.9 Privilege Escalation via Unquoted Service Path
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerWondershare
≫
Produkt
PDFelement
Version
5.2.9
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.021 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-428 Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
https://www.wondershare.com/
https://www.exploit-db.com/exploits/40535
http://download.wondershare.com/inst/pdfelement_setup_full1042.exe
https://www.vulncheck.com/advisories/wondershare-pdfelement-privilege-escalation-via-unquoted-service-path