CNNVD-202602-447 Information
CNNVD ID
CNNVD-202602-447
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Flexense Sync Breeze Enterprise是Flexense公司的一款文件同步和备份工具。 Flexense Sync Breeze Enterprise 12.4.18版本存在代码问题漏洞,该漏洞源于存在未加引号的服务路径漏洞,攻击者可利用未加引号的二进制路径在特定文件系统位置放置恶意可执行文件,可能导致劫持服务启动过程并以提升的系统权限执行任意代码。
Description (English)
Flexense Sync Breeze Enterprise is a file synchronization and backup tool for Flexense. There is a code problem gap in version 12.4.18 of Flexense Sync Breeze Enterprise, which stems from a service path gap with no quotes, where the assailant can use the unquoted binary path to place maliciously enforceable documents at the location of a particular document system, which could lead to the hijacking service start-up process and the enforcement of arbitrary codes with enhanced system privileges.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Flexense
Published
2026-02-03
Last Modified
2026-02-24
References
http://www.syncbreeze.com https://www.exploit-db.com/exploits/48045 https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-path
Patch
https://www.syncbreeze.com/downloads.html
Share on: