NotCVE - vendor:"Advanced Comment System Project"

3 results (0.010 seconds)

CVSS: 7.5EPSS: 19%CPEs: 1EXPL: 2

CVE-2020-35598 – Advanced Comment System 1.0 - 'ACS_path' Path Traversal

https://notcve.org/view.php?id=CVE-2020-35598

ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 ACS Advanced Comment System versión 1.0, está afectado por Salto de Directorio por medio de un URI ..%2f de advanced_component_system/index.php?ACS_path=. NOTA: esto podría ser lo mismo que CVE-2009-4623 • https://www.exploit-db.com/exploits/49343 https://seclists.org/fulldisclosure/2020/Dec/13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-18845 – Advanced Comment System 1.0 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2018-18845

internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. internal/advanced_comment_system/index.php y internal/advanced_comment_system/admin.php en Advanced Comment System, versión 1.0, contienen una vulnerabilidad de Cross-Site Scripting (XSS) reflejado mediante ACS_path. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para proporcionar código HTML o JavaScript malicioso a una aplicación web vulnerable, que se devuelve a la víctima y es ejecutado por el navegador web. este producto se ha descontinuado. Advanced Comment System version 1.0 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/151799/Advanced-Comment-System-1.0-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3

CVE-2018-18619 – Advanced Comment System 1.0 - SQL Injection

https://notcve.org/view.php?id=CVE-2018-18619

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued. internal/advanced_comment_system/admin.php en Advanced Comment System 1.0 es propenso a una vulnerabilidad de inyección SQL porque no sanea correctamente los datos proporcionados por los usuarios antes de usarlos en una consulta SQL, permitiendo que los atacantes remotos ejecuten el ataque sqli mediante una URL en el parámetro "page". NOTA: Este producto está descontinuado. Advanced Comment System version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/45853 http://packetstormsecurity.com/files/150261/Advanced-Comment-System-1.0-SQL-Injection.html http://seclists.org/fulldisclosure/2018/Nov/30 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •