CVE-2024-58288

HIGH

Genexus Protection Server 9.7.2.10 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58288. PoCs published by SamAlucard.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in Genexus Protection Server 9.7.2.10. The service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation if an attacker can place a malicious executable in the path.

Description

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

Exploits (1)

exploitdb WRITEUP
by SamAlucard · textlocalwindows
https://www.exploit-db.com/exploits/52065

This is a writeup describing an unquoted service path vulnerability in Genexus Protection Server 9.7.2.10. The service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation if an attacker can place a malicious executable in the path.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: Genexus Protection Server 9.7.2.10
Auth required
Prerequisites: Local access to the system · Ability to write to a directory in the unquoted service path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v4 8.7
EPSS 0.0009
EPSS Percentile 25.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Genexus/Genexus Protection Server 9.7.2.10
Published Dec 11, 2025
Tracked Since Feb 18, 2026