CVE-2020-7752

8.8 HIGH

📋 TL;DR

CVE-2020-7752 is a command injection vulnerability in the systeminformation npm package, fixed in version 4.27.11. Affected functions build a curl command line from a string argument without sanitizing it, so an attacker who controls that string can append extra curl parameters (for example an output option that writes the fetched response over a JavaScript file the application later loads) and thereby execute arbitrary operating system commands on the host. Any Node.js application that passes untrusted input, such as a user-supplied URL or hostname, to those functions is affected.

💻 Affected Systems

Products:
  • systeminformation npm package
Versions: All versions before 4.27.11
Operating Systems: All operating systems where Node.js runs
Default Config Vulnerable: ⚠️ Yes
Notes: Applications must call vulnerable functions with user-controlled input to be exploitable.

📦 What is this software?

systeminformation is a Node.js library that reports hardware, operating-system, network and process details (CPU, memory, disks, network interfaces, running services, and so on). On most platforms it gathers that data by spawning operating-system utilities through child_process and parsing their output, which is why an unsanitized string argument can end up on a shell command line.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to execute arbitrary commands, install malware, exfiltrate data, or pivot to other systems in the network.

🟠

Likely Case

Remote code execution leading to data theft, service disruption, or cryptocurrency mining malware installation.

🟢

If Mitigated

Limited impact due to proper input validation, network segmentation, and least privilege execution contexts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the application to process attacker-controlled input through vulnerable functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.27.11

Vendor Fix (commit): https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61

Restart Required: Yes

Instructions:

1. Update package.json to require systeminformation 4.27.11 or higher (for example "^4.27.11"). 'npm update' only moves within the range already declared there, so a range such as "^4.26.0" must be raised first.
2. Run 'npm install "systeminformation@^4.27.11"' (or 'npm update systeminformation' once the range is raised) and commit the updated lockfile. If 'npm ls systeminformation' shows a vulnerable copy nested under another dependency, that dependency must be updated as well.
3. Restart all Node.js processes that load the package; the old code stays in memory until they restart.

🔧 Temporary Workarounds

Input Validation

all

Validate every string before it is passed to a systeminformation function: parse URLs with the URL class and allow only http and https, allow only hostname characters for hosts, and reject anything containing whitespace, shell metacharacters, or a leading '-' (which curl would read as an option).

Network Restriction

all

Egress filtering does not stop the injection itself, but it limits what an attacker can do after it: block outbound connections from application hosts except to required destinations, so an injected curl invocation cannot fetch a second-stage payload or exfiltrate data.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs
  • Run applications with least privilege and in isolated containers

🔍 How to Verify

Check if Vulnerable:

Run 'npm ls systeminformation' (add --all on npm 7 and later to include copies nested under other dependencies) and check whether any reported version is below 4.27.11. package.json alone shows only the declared range, not what is actually installed; 'npm audit' also reports this advisory.

Check Version:

npm list systeminformation | grep systeminformation

Verify Fix Applied:

Verify systeminformation version is 4.27.11 or higher using 'npm list systeminformation'.

📡 Detection & Monitoring

Log Indicators:

  • curl processes spawned from a Node.js process (typically via sh -c) whose arguments include an output option (-o, -O, --output) pointing into the application tree, or a second command chained after the URL (;, &&, $( ))
  • Modifications to .js files under node_modules or the application directory that do not coincide with a deployment
  • Unexpected child processes of Node.js applications beyond the utilities the application normally runs

Network Indicators:

  • Outbound connections to suspicious domains from application servers
  • Unusual command and control traffic patterns

SIEM Query:

The original query (process.name:node AND (process.cmdline:*curl* OR process.cmdline:*systeminformation*)) is a poor filter: the library name does not normally appear on a command line because it is loaded in-process, and a bare *curl* match fires on every legitimate curl invocation the package itself makes. Key instead on the child process of a node parent together with the injection artefacts, an output-file option or a command chained after curl:

process.parent.name:node AND process.cmdline:*curl* AND process.cmdline:(*" -o "* OR *" -O "* OR *--output* OR *";"* OR *"&&"* OR *"$("*)

Field names follow the original query's style; adapt them to your schema, and expect to tune the output-option clause if your own code legitimately runs curl -o from Node.

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-7752
  • Fix commit: https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
