Description
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.netsarang.com/en/xlpd-update-history/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ycdxsb/Vuln/blob/main/Xlpd-Unquoted-Service-Path/XLpd-Unquoted-Service-Path.md
Scores
CVSS v3
7.8
EPSS
0.0036
EPSS Percentile
28.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
netsarang/xlpd
< 7.0.0103
Published
Jun 29, 2022
Tracked Since
Feb 18, 2026