Command Injection

systeminformation is vulnerable to command injection. An attacker is able to pass a string as an array to bypass validation and execute arbitrary commands through the following functions: inetLatency, inetChecksite, services, processLoad...

Command Injection

Overview There is a command injection vulnerability in systeminformation which allows for injection of commands to the command line of your machine. Affected commands: inetLatency. The problem was fixed by sanitizing the shell string. Recommendation Upgrade to version 4.31.1 or later. References ...