CVE-2023-26918 – File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

https://notcve.org/view.php?id=CVE-2023-26918

13 Apr 2023 — Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges. • https://www.exploit-db.com/exploits/51375 • CWE-276: Incorrect Default Permissions •