CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-42810 – systeminformation SSID Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-42810
21 Sep 2023 — systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). systeminformation es System Information Library para Node.JS. Las versiones 5.0.0 a 5.21.6 tienen una vulnerabilidad de inyección de comando SSID. • https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-26300 – Command injection in systeminformation
https://notcve.org/view.php?id=CVE-2020-26300
09 Sep 2021 — systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix. systeminformation es un paquete npm que proporciona una biblioteca de información del sistema y del Sistema Operativo para node.js. En systeminformation versiones anteriores a 4.26.2 Se presenta una vulnerabilidad de inyección de comandos. El problema fue ... • https://github.com/advisories/GHSA-fj59-f6c3-3vw4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21388 – Command Injection Vulnerability in systeminformation
https://notcve.org/view.php?id=CVE-2021-21388
29 Apr 2021 — systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. • https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 93%CPEs: 2EXPL: 6CVE-2021-21315 – System Information Library for Node.JS Command Injection
https://notcve.org/view.php?id=CVE-2021-21315
16 Feb 2021 — The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any ... • https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-26274 – Command Injection Vulnerability in systeminformation
https://notcve.org/view.php?id=CVE-2020-26274
16 Dec 2020 — In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix. En systeminformation (paquete npm) versiones anteriores a 4.31.1, se presenta una vulnerabilidad de inyección de comandos. El problema se corrigió en la versión 4.31.1, con una corrección del saneamiento de la cadena de shell • https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-26245 – Prototype Pollution leading to Command Injection in systeminformation
https://notcve.org/view.php?id=CVE-2020-26245
27 Nov 2020 — npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). npm package systeminformation anterior a versión 4.30.5, es vulnerable a una Contaminación de Prototipos conllevando a una Inyección de Comand... • https://github.com/sebhildebrandt/systeminformation/commit/8113ff0e87b2f422a5756c48f1057575e73af016 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2020-7778 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2020-7778
26 Nov 2020 — This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Esto afecta al paquete systeminformation versiones anteriores a 4.30.2. El atacante puede sobrescribir las propiedades y funciones de un objeto, lo que puede conllevar a ejecutar comandos del Sistema Operativo • https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 3CVE-2020-7752 – Command Injection
https://notcve.org/view.php?id=CVE-2020-7752
26 Oct 2020 — This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands. Esto afecta al paquete systeminformation versiones anteriores a 4.27.11. Este paquete es vulnerable a una Inyección de Comandos. • https://github.com/ossf-cve-benchmark/CVE-2020-7752 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •