Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path | Advisories

Advisories

Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path

severity: high
date: January 13, 2026
Affecting: Wondershare Dr.Fone 12.0.18
CVE: CVE-2022-50900
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-50813
Vendor Homepage
Credit: Mohamed Alzhrani
Description: Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.