14 matches found
OS Command Injection
systeminformation is vulnerable to OS Command Injection. The vulnerability is due to direct concatenation of the user-supplied drive parameter into a PowerShell command in the fsSize function without proper sanitization, which allows an attacker to execute arbitrary commands on Windows systems wh...
EUVD-2025-203835
systeminformation has a Command Injection vulnerability in fsSize function on Windows...
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Summary The fsSize function in systeminformation is vulnerable to OS Command Injection CWE-78 on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the fsSize function when the drive parameter is concatenated into a PowerShell command without proper sanitization. An attacker can execute arbitrary...
GHSA-WPHJ-FX3Q-84CH systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Summary The fsSize function in systeminformation is vulnerable to OS Command Injection CWE-78 on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
DEBIAN-CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154
The CVE-2025-68154 issue affects the systeminformation library for Node.js, where fsSize() on Windows unsafely concatenates the drive parameter into a PowerShell command, enabling OS command injection. The vulnerability is documented as high severity (CVSS 8.1) with potential for arbitrary comman...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
PT-2025-51775
Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.27.14 Description The fsSize function in the systeminformation library is susceptible to OS command injection on Windows systems. The drive parameter, when directly concatenated into a PowerShell command...
systeminformation 操作系统命令注入漏洞
systeminformation is an Npm repository for obtaining operating system information by Sebastian Hildebrandt, an individual developer. An OS command injection vulnerability exists in systeminformation versions prior to 5.27.14, which stems from an OS command injection vulnerability in the fsSize...