CVE-2020-36927

HIGH

DiskPulse Enterprise 13.6.14 - Code Injection

Title source: llm

Description

DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.

Exploits (1)

exploitdb WRITEUP
by Brian Rodriguez · textlocalwindows
https://www.exploit-db.com/exploits/50012

References (3)

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 0.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
flexense/diskpulse 13.6.14
Published Jan 16, 2026
Tracked Since Feb 18, 2026