CVE-2020-36930
8.5
Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Source: disclosure@vulncheck.com (Secondary)
Description
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.
Affected (1)
References (4)
Source: disclosure@vulncheck.com
Third Party Advisory
Timeline (13)
2/9/2026 (5 changes)
Initial Analysis - Reference Type
03:01 PM
- -
+ CISA-ADP: https://www.exploit-db.com/exploits/50009 Types: Exploit
Initial Analysis - Reference Type
03:01 PM
- -
+ VulnCheck: https://www.vulncheck.com/advisories/sysgauge-sysgauge-server-unquoted-service-path Types: Third Party Advisory
Initial Analysis - Reference Type
03:01 PM
- -
+ VulnCheck: https://www.sysgauge.com Types: Product
Initial Analysis - Reference Type
03:01 PM
- -
+ VulnCheck: https://www.exploit-db.com/exploits/50009 Types: Exploit
Initial Analysis - CPE Configuration
03:01 PM
- -
+ OR
*cpe:2.3:a:flexense:sysgauge:7.9.18:*:*:*:*:*:*:*
1/16/2026 (8 changes)
CVE Modified - Reference
10:16 PM
- -
+ https://www.exploit-db.com/exploits/50009
New CVE Received - Reference
12:16 AM
- -
+ https://www.vulncheck.com/advisories/sysgauge-sysgauge-server-unquoted-service-path
New CVE Received - Reference
12:16 AM
- -
+ https://www.sysgauge.com
New CVE Received - Reference
12:16 AM
- -
+ https://www.exploit-db.com/exploits/50009
New CVE Received - CWE
12:16 AM
- -
+ CWE-428
New CVE Received - CVSS V3.1
12:16 AM
- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
New CVE Received - CVSS V4.0
12:16 AM
- -
+ AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
New CVE Received - Description
12:16 AM
- -
+ SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.