Product Name: VX Search
Vendor Home Page: https://www.vxsearch.com/
Affected Version(s): VX Search v13.8
Fixed Version: all versions later v13.8
Vulnerability Type: Unquoted Search Path (CWE-428)
CVE Reference: CVE-2023-24671
Credit: Thurein Soe
VX Search is an automated, rule-based file search solution allowing one to
search files by file type, category, file name, size, location, extension,
regular expressions, text and binary patterns.
VX Search v13.8 was discovered to contain an unquoted service path
vulnerability which allows attackers to execute arbitrary commands.
However, this could not lead to a fully local privilege escalation attack.