CVE-2020-35598
published 2020-12-23


Priority: P2 62 high
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: available
EPSS: 21.00% (97.3rd percentile)
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623

Affected (2 ranges)

Vendor                           Product                  Version range  Fixed in
advanced_comment_system_project  advanced_comment_system
plohni                           advanced_comment_system

Detection & IOCs (extracted from sources)

URL:  /advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
Path: /advanced_component_system/index.php
  • Look for GET requests to /advanced_component_system/index.php whose ACS_path parameter contains URL-encoded traversal sequences (..%2f) followed by a null-byte terminator (%00) and a target such as /etc/passwd.
  • A successful exploitation response returns HTTP 200 with a body matching 'root:.*:0:0:', showing that /etc/passwd was read. A 200 on its own is not proof: the endpoint also returns 200 for benign paths, so check the body.
  • The vulnerability is triggered through the ACS_path GET parameter; monitor web logs for requests to this endpoint whose ACS_path value contains '..%2f' (or, once decoded, '../'). Decode the parameter before matching so that double-encoded variants such as '..%252f' are not missed.
  • The exploit uses a null byte (%00) to terminate the path string so that anything the application appends after ACS_path is ignored. This only works on PHP versions where null-byte injection in file paths is effective (PHP older than 5.3.4); on later versions the same traversal may still succeed if the application appends nothing or the appended suffix can be satisfied.
  • This CVE may overlap with CVE-2009-4623, which suggests the issue has been known for over a decade and affects the same codebase.
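The detection rules above applied to web-server logs, as an added example that is not part of the original page or of the ACS project: it parses Apache combined-format lines, decodes ACS_path repeatedly (so double-encoded '..%252f' is caught as well as the single-encoded '..%2f' in the published PoC), flags traversal and null-byte use, and separately checks a response body for the 'root:.*:0:0:' signature. The log lines, addresses and timestamps are constructed for the example; the endpoint and parameter name come from the IOCs above.

```python
import re
from urllib.parse import urlsplit, unquote

# Endpoint and parameter taken from the IOCs for CVE-2020-35598.
VULN_PATH = "/advanced_component_system/index.php"
PARAM = "ACS_path"

# Constructed Apache combined-format log lines for this example (not real traffic).
# Line 1: the published PoC payload. Line 2: the same traversal, double-encoded.
# Line 3: benign use of ACS_path. Line 4: traversal against an unrelated endpoint.
SAMPLE_LOG = """\
198.51.100.7 - - [23/Dec/2020:10:01:02 +0000] "GET /advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 2319 "-" "curl/7.68.0"
198.51.100.7 - - [23/Dec/2020:10:01:05 +0000] "GET /advanced_component_system/index.php?ACS_path=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.4 - - [23/Dec/2020:10:02:11 +0000] "GET /advanced_component_system/index.php?ACS_path=templates HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
203.0.113.4 - - [23/Dec/2020:10:02:15 +0000] "GET /index.php?page=..%2f..%2fetc%2fpasswd HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Signature of a leaked /etc/passwd, as given in the detection notes above.
PASSWD_RE = re.compile(r"root:.*:0:0:")


def decode_rounds(value, max_rounds=3):
    """URL-decode `value` until it stops changing; return (decoded, rounds applied).

    More than one round means the attacker double-encoded the payload to slip past
    naive '%2f' matching on the raw request line.
    """
    rounds = 0
    current = value
    while rounds < max_rounds:
        nxt = unquote(current)
        if nxt == current:
            break
        current = nxt
        rounds += 1
    return current, rounds


def traversal_finding(target):
    """Return a finding dict if `target` hits the ACS endpoint with a traversal
    payload in ACS_path, otherwise None."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    for pair in parts.query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote(key) != PARAM:
            continue
        decoded, rounds = decode_rounds(raw)
        if "../" not in decoded and "..\\" not in decoded:
            continue
        return {
            "raw": raw,
            "decoded": decoded,
            "null_byte": "\x00" in decoded,   # %00 terminator used by the PoC
            "double_encoded": rounds > 1,
        }
    return None


def scan_log(text):
    """Scan log text and return one finding per request that matches the IOC."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = traversal_finding(m.group("target"))
        if finding is None:
            continue
        finding.update(ip=m.group("ip"), ts=m.group("ts"), status=int(m.group("status")))
        hits.append(finding)
    return hits


def looks_like_passwd(body):
    """True if an HTTP response body contains the root entry of /etc/passwd."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} "
              f"null_byte={hit['null_byte']} double_encoded={hit['double_encoded']} "
              f"path={hit['decoded']!r}")
```

Only the two requests to the ACS endpoint with a decoded '../' sequence are reported; the benign ACS_path=templates request and the traversal against a different endpoint are not. In production, pair scan_log with looks_like_passwd on the captured response body (or on the response size, which jumps when a file is returned) rather than relying on the status code alone.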

CVSS provenance

NVD v3.1: 7.5 HIGH   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD v2.0: 5.0 MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N