CNNVD-202602-451 Information
CNNVD ID
CNNVD-202602-451
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Flexense Disk Sorter Enterprise是Flexense公司的一个文件管理和磁盘空间分析软件。 Flexense Disk Sorter Enterprise 12.4.16版本存在代码问题漏洞,该漏洞源于服务配置中存在未加引号的服务路径漏洞,攻击者可利用未加引号的路径注入恶意可执行文件,可能导致以LocalSystem权限执行任意代码。
Description (English)
Flexense Disk Sorter Enterprise is a file management and disk space analysis software for Flexense. There is a code problem loophole in version 12.4.16 of Flexense Disk Sorter Enterprise, which stems from the service configuration with a service path that is unquoted and can be used by the assailant to inject a malicious enforceable document with an unquote path, which may lead to the enforcement of any code under the LocalSystem permission.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Flexense
Published
2026-02-03
Last Modified
2026-02-24
References
http://www.disksorter.com https://www.exploit-db.com/exploits/48048 https://www.vulncheck.com/advisories/disk-sorter-enterprise-unquoted-service-path
Patch
https://www.disksorter.com/downloads.html
Share on: