CVE-2022-50904
Unknown Unknown - Not Provided
Unquoted Service Path in Wondershare UBackit Enables Privilege Escalation

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50904
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wondershare ubackit 2.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in Wondershare UBackit version 2.0.5's 'wsbackup' service. Because the service executable path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a directory higher in the path hierarchy. When the service starts, Windows may execute the attacker's malicious code instead of the legitimate executable. This code runs with LocalSystem privileges, allowing the attacker to execute arbitrary code with elevated system privileges during service startup. [1, 3]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated system privileges (LocalSystem). This means the attacker can gain full control over the affected system, potentially leading to unauthorized access, data modification, or disruption of system availability. Because the service runs automatically with high privileges, the impact on confidentiality, integrity, and availability is high. [1, 3]

Detection Guidance

You can detect this vulnerability by checking the service path of the 'wsbackup' service for unquoted paths containing spaces. On a Windows system, use the command: sc qc wsbackup. If the path to the executable is unquoted and contains spaces (e.g., C:\Program Files\Wondershare\Wondershare UBackit\wsbackup.exe without quotes), the system is vulnerable. Additionally, you can manually inspect the service executable path in the registry or services.msc for unquoted paths. [3]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent execution of malicious executables placed in higher-level directories. Alternatively, restrict local user permissions to prevent placing executables in those directories, or stop and disable the 'wsbackup' service until a patched version is available. Ensuring the service executable path is properly quoted will prevent exploitation of this vulnerability. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50904. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart