CVE-2021-47861

HIGH

7.8

Description

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.

CVE Details

CVSS v3.1 Score7.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published1/21/2026

Last Modified1/26/2026

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-428

References

https://eventlogxp.com/(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/49704(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/event-log-explorer-elodeaeventcollectorservice-unquoted-service-path(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.