Vulnerability Description
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systeminformation | Systeminformation | < 4.27.11 |
Related Weaknesses (CWE)
References
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.jsExploitThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc1045PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909ExploitPatchThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.jsExploitThird Party Advisory
- https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc1045PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909ExploitPatchThird Party Advisory
FAQ
What is CVE-2020-7752?
CVE-2020-7752 is a vulnerability with a CVSS score of 8.8 (HIGH). This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execut...
How severe is CVE-2020-7752?
CVE-2020-7752 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7752?
Check the references section above for vendor advisories and patch information. Affected products include: Systeminformation Systeminformation.