PT-2020-12442 · Jon Hedley · Alienform2
Published 2020-04-01 · Updated 2021-07-21 · CVE-2020-10948
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Jon Hedley AlienForm2 version 2.0.2
Description
The issue allows an unauthenticated remote attacker to execute commands remotely via eval injection by sending a series of crafted requests.
Recommendations
For version 2.0.2, update to a version that fixes the eval injection issue to prevent remote command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alienform2