CVE-2022-50900

HIGH

Wondershare Dr.Fone 12.0.18 - Code Injection

Title source: llm

Description

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Exploits (1)

exploitdb WRITEUP

by Mohamed Alzhrani · textlocalwindows

https://www.exploit-db.com/exploits/50813

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/50813

[Third Party Advisory] https://www.vulncheck.com/advisories/wondershare-drfone-wondershare-installassist-unquoted-service-path

[Product] https://www.wondershare.com/

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

wondershare/dr.fone 12.0.18

Published Jan 13, 2026

Tracked Since Feb 18, 2026