216.73.217.98

CVE-2021-47868

· Published 21/01/2026 18:16 · Modified 21/01/2026 18:16

Labels: CVE-2021-47868 2026-01-21CVE-2021-47868CWE-428[email protected]

Essential information

Published
21/01/2026 18:16
Modified
21/01/2026 18:16
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / win-pack pro cpe:2.3:a:*:win-pack_pro:4.8:*:*:*:*:*:*:*

References