CVE-2023-31747

Published: May 23, 2023Modified: Jan 21, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.

Affected (1)

Products: Wondershare: Filmora

Wondershare

1 product

Filmora

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wondershare Filmora	Version 12

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (6)

http://filmora.com

Source: cve@mitre.org

Not Applicable

http://wondershare.com

Source: cve@mitre.org

Product

https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://filmora.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://wondershare.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.