CVE-2022-50903

EUVD-2026-2635
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
wondersharemobiletrans
3.5.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/50756
https://www.vulncheck.com/advisories/wondershare-mobiletrans-elevationservice-unquoted-service-path
https://www.wondershare.com/