CVE-2023-4991

Published: Sep 15, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Quescom: Nextbx Qwalerter

1 product

Nextbx Qwalerter

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quescom Nextbx Qwalerter	Version 4.50

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

https://vuldb.com/?ctiid.239804

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.239804

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?ctiid.239804

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.239804

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.