
23 matches found

NVD
added 2026/02/19 8:25 p.m., 4 views

CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8, EPSS 0.0002
Exploits: 1, References: 2

Vulnrichment
added 2026/02/19 7:48 p.m., 3 views

CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8, AI score 5.5, EPSS 0.0002
Exploits: 1, References: 2

OSV
added 2026/02/19 7:48 p.m., 3 views

CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CVSS 8.8, AI score 5.6, EPSS 0.0002
Exploits: 1, References: 4

Cvelist
added 2026/02/19 7:43 p.m., 23 views

CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

CVSS 8.4, EPSS 0.0003
Exploits: 1, References: 2

CVE
added 2026/02/19 7:43 p.m., 8 views

CVE-2026-26280

CVE-2026-26280 affects the systeminformation library for Node.js. In versions prior to 5.30.8, wifiNetworks() is vulnerable to command injection: if the initial interface input yields no results, a retry path calls getWifiNetworkListIw(iface) with the original, unsanitized iface value, which is p...

CVSS 8.4, AI score 6.3, EPSS 0.0003
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/02/19 7:43 p.m., 4 views

CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

CVSS 8.4, AI score 6.4, EPSS 0.0003
Exploits: 1, References: 2

OSV
added 2026/02/19 7:43 p.m., 3 views

CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

CVSS 8.4, AI score 6.4, EPSS 0.0003
Exploits: 1, References: 4

Snyk
added 2026/02/18 10:36 p.m., 2 views

Command Injection

Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the versions function, which executes a locate command to find a PostgreSQL installation on Linux. An attacker who can write files to the target...

CVSS 8.8, AI score 6.1, EPSS 0.0002
Exploits: 1, References: 2

OSV
added 2026/02/18 9:51 p.m., 1 view

GHSA-9C88-49P5-5GGF Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

Summary: A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details: In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...

CVSS 8.4, AI score 6.5, EPSS 0.0003
Exploits: 1, References: 4

OSV
added 2025/12/16 10:37 p.m., 0 views

GHSA-WPHJ-FX3Q-84CH systeminformation has a Command Injection vulnerability in fsSize() function on Windows

Summary: The fsSize function in systeminformation is vulnerable to OS Command Injection (CWE-78) on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...

CVSS 8.1, AI score 6.3, EPSS 0.00054
Exploits: 1, References: 4

NVD
added 2025/12/16 7:16 p.m., 3 views

CVE-2025-68154

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

CVSS 8.1, EPSS 0.00054
Exploits: 1, References: 2

Vulnrichment
added 2025/12/16 6:18 p.m., 1 view

CVE-2025-68154 Command Injection in fsSize() on Windows

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

CVSS 8.1, AI score 7.1, EPSS 0.00054
Exploits: 1, References: 2

Cvelist
added 2025/12/16 6:18 p.m., 26 views

CVE-2025-68154 Command Injection in fsSize() on Windows

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

CVSS 8.1, EPSS 0.00054
Exploits: 1, References: 2

Positive Technologies
added 2025/12/16 12:0 a.m., 1 view

PT-2025-51775

Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.27.14. Description: The fsSize function in the systeminformation library is susceptible to OS command injection on Windows systems. The drive parameter, when directly concatenated into a PowerShell command...

CVSS 8.1, AI score 7.3, EPSS 0.00054
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0839

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00617
Exploits: 0, References: 7

RedhatCVE
added 2025/05/22 6:18 p.m., 5 views

CVE-2021-21388

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

CVSS 9.8, AI score 7.1, EPSS 0.00617
Exploits: 0, References: 1

OSV
added 2024/12/20 9:15 p.m., 1 view

DEBIAN-CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

CVSS 7.8, AI score 7.7, EPSS 0.04955
Exploits: 0, References: 1

NVD
added 2024/12/20 9:15 p.m., 15 views

CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

CVSS 7.8, EPSS 0.04955
Exploits: 0, References: 2

OSV
added 2024/12/20 8:10 p.m., 4 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

CVSS 7.8, AI score 8, EPSS 0.04955
Exploits: 0, References: 4

CVE
added 2024/12/20 8:10 p.m., 119 views

CVE-2024-56334

The CVE-2024-56334 issue affects the Node.js library systeminformation. Affected versions permit SSIDs to be passed unsafely to cmd.exe in getWindowsIEEE8021x, enabling potential remote code execution or local privilege escalation. The root cause is lack of sanitization of SSIDs before command ex...

CVSS 7.8, AI score 7.9, EPSS 0.04955
Exploits: 0, References: 2