What is GHSA-w62m-j7rv-p5ff?

GHSA-w62m-j7rv-p5ff is a security advisory published by GitHub Security Advisories with High severity. Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the...

Which CVE IDs does GHSA-w62m-j7rv-p5ff cover?

GHSA-w62m-j7rv-p5ff covers the following CVE IDs: CVE-2020-37230. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-w62m-j7rv-p5ff?

GHSA-w62m-j7rv-p5ff has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-w62m-j7rv-p5ffHighCVSS 7.8

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2020-37230 →

📋 Description

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the service restarts or the system reboots.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2020-37230
https://download.syncplify.me/SMServer_Setup.exe
https://www.exploit-db.com/exploits/49009
https://www.syncplify.me
https://www.vulncheck.com/advisories/syncplify-me-server-unquoted-service-path-privilege-escalation
https://github.com/advisories/GHSA-w62m-j7rv-p5ff