Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path
Vulnerability Description
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
未经引用的搜索路径或元素
Vulnerability Title
Serviio PRO 代码问题漏洞
Vulnerability Description
Serviio PRO是英国Serviio公司的一个多媒体流服务器软件。 Serviio PRO 1.8版本存在代码问题漏洞,该漏洞源于Windows服务存在未加引号的搜索路径和目录权限不当,可能导致本地用户执行任意代码或权限提升。
CVSS Information
N/A
Vulnerability Type
N/A