Security Research & Advisories

Unquoted Service Path 'Erp - Nelson technische Informatik' Vulnerability in Nelson Open Source ERP v11

Product Nelson Open Source ERP
Affected Version(s) 11 and probably prior
Tested Version(s) 11
Vendor Notification 03 May 2022
Advisory Publication 03 May 2022 [without technical details]
Vendor Fix N/A
Public Disclosure 03 May 2022
Latest Modification 03 May 2022
CVE Identifier Pending
Product Description The ERP, Groupware and Small Business Server is a web based. The software contains a web interface for administration of the system and an Active Directory based on Samba resp. a groupware based on Sogo. It can be used as SBS for sharing data via Webdav and SMB and administrate website based on Apache. The ERP server software runs on Linux. The ERP need no plugins in the browser on the client computer. The ERP can be accessed from any where with out effort. Be it at home with your home computer (Windows, Linux, MAC OS X), or traveling with your smart phone (iPhone, iPad, Android), or in the office, the data is always at hand. Webdav interface and Active Sync for synchronizing contacts and time management.
Credits Ismael Méndez Suárez Security Researcher & Penetration Tester @wizlynx group - Brian Alberto Rodriguez Ortiz Security Researcher & Penetration Tester @wizlynx group

Vulnerability Details

Unquoted Service Path
Severity: High CVSS Score: 7.8 CWE-ID: CWE-428 Status: Open
Vulnerability Description
If the path is not written between quotes and if any folder name in the path has a space in its name windows will append ".exe" and start looking for an executable, starting with the shortest possible path.
CVSS Base Score
Attack Vector Local Scope Changed
Attack Complexity Low Confidentiality Impact High
Privileges Required Low Integrity Impact High
User Interaction None Availability Impact High


Full details about the vulnerability will be disclosed once the vendor has provided a patch.