Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plohni | Advanced Comment System | 1.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36643Vendor Advisory
- http://www.exploit-db.com/exploits/9623ExploitThird Party AdvisoryVDB Entry
- http://secunia.com/advisories/36643Vendor Advisory
- http://www.exploit-db.com/exploits/9623ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2009-4623?
CVE-2009-4623 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admi...
How severe is CVE-2009-4623?
CVE-2009-4623 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4623?
Check the references section above for vendor advisories and patch information. Affected products include: Plohni Advanced Comment System.