6 matches found
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the fsSize function when the drive parameter is concatenated into a PowerShell command without proper sanitization. An attacker can execute arbitrary...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
DEBIAN-CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
PT-2025-51775
Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.27.14 Description The fsSize function in the systeminformation library is susceptible to OS command injection on Windows systems. The drive parameter, when directly concatenated into a PowerShell command...