Search criteria
4 vulnerabilities found for Sandboxie Plus by Sandboxie-Plus
CVE-2021-47883 (GCVE-0-2021-47883)
Vulnerability from nvd – Published: 2026-01-21 17:27 – Updated: 2026-01-22 21:57
VLAI?
Title
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
Summary
Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sandboxie-Plus | Sandboxie Plus |
Affected:
0.7.2
|
Credits
Mohammed Alshehri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T21:57:00.462714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:57:10.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sandboxie Plus",
"vendor": "Sandboxie-Plus",
"versions": [
{
"status": "affected",
"version": "0.7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammed Alshehri"
}
],
"datePublic": "2021-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:27:52.846Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49631",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49631"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://sandboxie-plus.com/"
},
{
"name": "VulnCheck Advisory: Sandboxie Plus v0.7.2 - \u0027SbieSvc\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sandboxie-plus-sbiesvc-unquoted-service-path"
}
],
"title": "Sandboxie Plus v0.7.2 - \u0027SbieSvc\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47883",
"datePublished": "2026-01-21T17:27:52.846Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-01-22T21:57:10.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47832 (GCVE-0-2021-47832)
Vulnerability from nvd – Published: 2026-01-16 19:09 – Updated: 2026-01-21 16:41
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate.
Replaced by CVE-2022-50920
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-01-21T16:41:46.259Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate."
}
],
"replacedBy": [
"CVE-2022-50920"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47832",
"datePublished": "2026-01-16T19:09:34.019Z",
"dateRejected": "2026-01-21T16:41:46.259Z",
"dateReserved": "2026-01-14T17:11:19.900Z",
"dateUpdated": "2026-01-21T16:41:46.259Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47883 (GCVE-0-2021-47883)
Vulnerability from cvelistv5 – Published: 2026-01-21 17:27 – Updated: 2026-01-22 21:57
VLAI?
Title
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
Summary
Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sandboxie-Plus | Sandboxie Plus |
Affected:
0.7.2
|
Credits
Mohammed Alshehri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T21:57:00.462714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:57:10.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sandboxie Plus",
"vendor": "Sandboxie-Plus",
"versions": [
{
"status": "affected",
"version": "0.7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammed Alshehri"
}
],
"datePublic": "2021-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:27:52.846Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49631",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49631"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://sandboxie-plus.com/"
},
{
"name": "VulnCheck Advisory: Sandboxie Plus v0.7.2 - \u0027SbieSvc\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sandboxie-plus-sbiesvc-unquoted-service-path"
}
],
"title": "Sandboxie Plus v0.7.2 - \u0027SbieSvc\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47883",
"datePublished": "2026-01-21T17:27:52.846Z",
"dateReserved": "2026-01-18T12:35:05.173Z",
"dateUpdated": "2026-01-22T21:57:10.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47832 (GCVE-0-2021-47832)
Vulnerability from cvelistv5 – Published: 2026-01-16 19:09 – Updated: 2026-01-21 16:41
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate.
Replaced by CVE-2022-50920
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-01-21T16:41:46.259Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate."
}
],
"replacedBy": [
"CVE-2022-50920"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47832",
"datePublished": "2026-01-16T19:09:34.019Z",
"dateRejected": "2026-01-21T16:41:46.259Z",
"dateReserved": "2026-01-14T17:11:19.900Z",
"dateUpdated": "2026-01-21T16:41:46.259Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}