PT-2020-19787 · Systeminformation · Systeminformation

Effectrenan

Published

2020-11-26

Updated

2022-02-09

CVE-2020-7778

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 4.30.2

Description The issue allows an attacker to overwrite the properties and functions of an object, potentially leading to the execution of OS commands. This is due to a flaw in the systeminformation package.

Recommendations For systeminformation versions prior to 4.30.2, update to version 4.30.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive objects and functions to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-7778

GHSA-8J36-Q8X7-PM6Q

SNYK-JS-SYSTEMINFORMATION-1043753

Affected Products

Systeminformation

PT-2020-19787 · Systeminformation · Systeminformation

CVE-2020-7778

Weakness Enumeration

Related Identifiers

Affected Products

References · 12