HomePentest-Tools.com Logo

Advanced Comment System 1.0 - Local File Inclusion CVE-2020-35598

Severity
CVSSv3 Score
7.5
Vulnerability description

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI.

Risk description

The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Recommendation

Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Advanced Comment System 1.0.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Dec 23, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available