CVE-2022-50915

HIGH

PTPublisher 2.3.4 - Code Injection

Title source: llm

Description

PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access.

Exploits (1)

exploitdb WRITEUP

by bios · textlocalwindows

https://www.exploit-db.com/exploits/50885

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.primera.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/ptpublisher-unquoted-service-path

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50885

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (2)

primera/ptpublisher 2.3.4

Primera/PTPublisher 2.3.4

Published Jan 13, 2026

Tracked Since Feb 18, 2026