CVE-2022-50938

HIGH

CONTPAQi AdminPAQ 14.0.0 - Code Injection

Title source: llm

Description

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system privileges during service startup.

Exploits (1)

exploitdb WRITEUP

by Angel Canseco · textlocalwindows

https://www.exploit-db.com/exploits/50690

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50690

[Various Sources] https://www.contpaqi.com/descargas

[Third Party Advisory] https://www.vulncheck.com/advisories/contpaqi-adminpaq-unquoted-service-path

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

Contpaqi/CONTPAQ AdminPAQ 14.0.0

Published Jan 13, 2026

Tracked Since Feb 18, 2026