CVE-2020-10948

Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests.

Published: Apr 1, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10948
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
alienform2_project / alienform2	2.0.2	2.0.2.x

https://github.com/fireeye/Vulnerability-Disclosures/tree/master/FEYE-2020-0004

Vulnerability Database

CVE-2020-10948