CVE-2023-26918 – File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

https://notcve.org/view.php?id=CVE-2023-26918

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges. • https://www.exploit-db.com/exploits/51375 http://packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html https://www.filereplicationpro.com • CWE-276: Incorrect Default Permissions •