PT-2026-41430 · Unknown · Syncplify.Me Server!
Julio Aviña
·
Published
2026-05-16
·
Updated
2026-05-16
·
CVE-2020-37230
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Syncplify.me Server! version 5.0.37
Description
The SMWebRestServicev5 service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local attackers to escalate privileges by inserting a malicious executable into the service path, which then executes with LocalSystem privileges upon service restart or system reboot.
Recommendations
For version 5.0.37, ensure the service path for SMWebRestServicev5 is properly quoted in the system registry to prevent the execution of unauthorized binaries.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Syncplify.Me Server!