Quick 'n Easy FTP Service 3.2 - Unquoted Service Path | Advisories

Advisories

Quick 'n Easy FTP Service 3.2 - Unquoted Service Path

severity: high
date: January 27, 2026
Affecting: Quick 'n Easy FTP Service 3.2
CVE: CVE-2020-36983
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-48983
Vendor Homepage
Software Download Page
Credit: yunaranyancat
Description: Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.