CVE-2023-26918

CRITICAL

Diasoft File Replication Pro 7.5.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-26918. PoCs published by Andrea Intilangelo.

AI-analyzed exploit summary: The exploit describes a privilege escalation vulnerability in File Replication Pro 7.5.0 due to incorrect file permissions, allowing an attacker to replace the prunsrv.exe executable or modify the properties.xml file to gain LocalSystem privileges or reset passwords.

Description

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.

Exploits (1)

exploitdb WRITEUP
by Andrea Intilangelo · text · local · windows
https://www.exploit-db.com/exploits/51375

Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: File Replication Pro 7.5.0
No auth needed
Prerequisites: Access to the system with the vulnerable software installed · Ability to write to the FileReplicationPro directory
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0605
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-276
Status published
Products (1)
filereplicationpro/file_replication_pro 7.5.0
Published Apr 14, 2023
Tracked Since Feb 18, 2026