CVE-2024-58288

HIGH

Genexus Protection Server 9.7.2.10 - Code Injection

Title source: llm

Description

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

Exploits (1)

exploitdb WRITEUP

by SamAlucard · textlocalwindows

https://www.exploit-db.com/exploits/52065

View Code ZIP pw:eip

References (4)

[Various Sources] https://www.genexus.com/en/developers/downloadcenter?data=;;

[Various Sources] https://www.genexus.com/es/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/52065

[Third Party Advisory] https://www.vulncheck.com/advisories/genexus-protection-server-unquoted-service-path-privilege-escalation

Scores

CVSS v4 8.7

EPSS 0.0011

EPSS Percentile 29.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-428

Status published

Products (1)

Genexus/Genexus Protection Server 9.7.2.10

Published Dec 11, 2025

Tracked Since Feb 18, 2026