Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40718
HistoryMay 30, 2023 - 3:08 a.m.

Command Injection

2023-05-3003:08:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
command injection
input sanitization
bwm-ng.js
node.js
software

EPSS

0

Percentile

15.8%

bwm-ng is vulnerable to Command Injection. The vulnerability exists due to the lack of input sanitization in the check function of the bwm-ng.js file, which allows an attacker to inject and execute malicious code. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment.

EPSS

0

Percentile

15.8%