Advanced Comment System Project ≫ Advanced Comment System

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

7.5

CVE-2020-35598

Exploit

EPSS 74.43%
Published 23.12.2020 19:15:13
Last modified 21.11.2024 05:27:40

ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623

6.1

CVE-2018-18845

Exploit

EPSS 0.76%
Published 21.03.2019 16:00:29
Last modified 21.11.2024 03:56:44

internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentiall...

9.8

CVE-2018-18619

Exploit

EPSS 3.43%
Published 29.11.2018 22:29:00
Last modified 21.11.2024 03:56:14

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute th...