CVE-2022-50904
Unknown Unknown - Not Provided

Unquoted Service Path in Wondershare UBackit Enables Privilege Escalation

Vulnerability report for CVE-2022-50904, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wondershare ubackit 2.0.5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in Wondershare UBackit version 2.0.5's 'wsbackup' service. Because the service executable path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a directory higher in the path hierarchy. When the service starts, Windows may execute the attacker's malicious code instead of the legitimate executable. This code runs with LocalSystem privileges, allowing the attacker to execute arbitrary code with elevated system privileges during service startup. [1, 3]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated system privileges (LocalSystem). This means the attacker can gain full control over the affected system, potentially leading to unauthorized access, data modification, or disruption of system availability. Because the service runs automatically with high privileges, the impact on confidentiality, integrity, and availability is high. [1, 3]

Detection Guidance

You can detect this vulnerability by checking the service path of the 'wsbackup' service for unquoted paths containing spaces. On a Windows system, use the command: sc qc wsbackup. If the path to the executable is unquoted and contains spaces (e.g., C:\Program Files\Wondershare\Wondershare UBackit\wsbackup.exe without quotes), the system is vulnerable. Additionally, you can manually inspect the service executable path in the registry or services.msc for unquoted paths. [3]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent execution of malicious executables placed in higher-level directories. Alternatively, restrict local user permissions to prevent placing executables in those directories, or stop and disable the 'wsbackup' service until a patched version is available. Ensuring the service executable path is properly quoted will prevent exploitation of this vulnerability. [1, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50904. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart