Effectrenan

#16476 of 53,624
16.3 Total CVSS
Vulnerabilities · 2
High · 2

PT-2020-19787 · CVSS 7.5 · 2020-11-26
Systeminformation · Systeminformation · CVE-2020-7778

**Name of the Vulnerable Software and Affected Versions**
systeminformation versions prior to 4.30.2

**Description**
The issue allows an attacker to overwrite the properties and functions of an object, potentially leading to the execution of OS commands. This is due to a flaw in the systeminformation package.

**Recommendations**
For systeminformation versions prior to 4.30.2, update to version 4.30.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive objects and functions to minimize the risk of exploitation.

PT-2020-19768 · CVSS 8.8 · 2020-10-26
Systeminformation · Systeminformation · CVE-2020-7752

**Name of the Vulnerable Software and Affected Versions**
systeminformation versions prior to 4.27.11

**Description**
This issue affects the systeminformation package, allowing an attacker to perform Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands.

**Recommendations**
For versions prior to 4.27.11, upgrade to version 4.27.11 or later to resolve the issue. As a temporary workaround for versions that cannot be upgraded, check or sanitize service parameter strings that are passed to `si.inetChecksite()`.