CVE-2022-50904
Unquoted Service Path in Wondershare UBackit Enables Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wondershare | ubackit | 2.0.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in Wondershare UBackit version 2.0.5's 'wsbackup' service. Because the service executable path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a directory higher in the path hierarchy. When the service starts, Windows may execute the attacker's malicious code instead of the legitimate executable. This code runs with LocalSystem privileges, allowing the attacker to execute arbitrary code with elevated system privileges during service startup. [1, 3]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated system privileges (LocalSystem). This means the attacker can gain full control over the affected system, potentially leading to unauthorized access, data modification, or disruption of system availability. Because the service runs automatically with high privileges, the impact on confidentiality, integrity, and availability is high. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the service path of the 'wsbackup' service for unquoted paths containing spaces. On a Windows system, use the command: sc qc wsbackup. If the path to the executable is unquoted and contains spaces (e.g., C:\Program Files\Wondershare\Wondershare UBackit\wsbackup.exe without quotes), the system is vulnerable. Additionally, you can manually inspect the service executable path in the registry or services.msc for unquoted paths. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent execution of malicious executables placed in higher-level directories. Alternatively, restrict local user permissions to prevent placing executables in those directories, or stop and disable the 'wsbackup' service until a patched version is available. Ensuring the service executable path is properly quoted will prevent exploitation of this vulnerability. [1, 3]