Home

Description

Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation.

PUBLISHED Reserved 2024-05-03 | Published 2024-05-03 | Updated 2024-08-01 | Assigner INCIBE




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-428 Unquoted Search Path or Element

Product status

Default status
unaffected

Any version before 4.1.3
affected

Credits

Jorge Manuel Lozano Gómez finder

References

www.incibe.es/...path-or-search-item-vulnerability-sugarsync

cve.org (CVE-2024-4461)

nvd.nist.gov (CVE-2024-4461)

Download JSON