CVE-2009-4623 – Advanced Comment System 1.0 - Multiple Remote File Inclusions

https://notcve.org/view.php?id=CVE-2009-4623

Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598. Multiples vulnerabilidades de inclusión de fichero remoto PHP en Advanced Comment System versión 1.0. Permiten a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro ACS_path de (1) index.php y (2) admin.php de advanced_comment_system/. • https://www.exploit-db.com/exploits/9623 https://github.com/MonsempesSamuel/CVE-2009-4623 https://github.com/kernel-cyber/CVE-2009-4623 https://github.com/hupe1980/CVE-2009-4623 http://secunia.com/advisories/36643 http://www.exploit-db.com/exploits/9623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •