CVE-2020-7752 Information

Description

This affects the package systeminformation before 4.27.11, which is vulnerable to command injection. An attacker can append additional parameters to the curl command to overwrite JavaScript files and then execute arbitrary OS commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
