CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18748

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile17.57th
PublishedOct 29, 2018
Last ModifiedAug 4, 2025

Vulnerability Description

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality

Affected Platforms (CPE)

๐Ÿ“ฆ
Sandboxie Plus

Sandboxie

= 5.26

References & Advisories

๐Ÿ”— https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc
๐Ÿ”— https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/
๐Ÿ”— https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc

Related Vulnerabilities

CVE-2017-124807.8

Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll f...

CVE-2021-478837.8

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute...

CVE-2021-478317.5

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the cont...

CVE-2019-255516.2

Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an exc...