Advanced Comment System Project Advanced Comment System 1.0
Approved changes feed: RSS · Atom
cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:1.0:*:*:*:*:*:*:*
part: a version: 1.0 update: *
| Vendor | Advanced Comment System Project (13b21a0a-8270-551b-81e7-9f0e71bc5f23) |
|---|---|
| Product | Advanced Comment System (ddbf5186-941e-5788-bd2f-03732f77125c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-35598 |
vulnerable | 2026-06-08 05:25:01.441395 |
Details available
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
Published: 2020-12-23T18:52:07.000Z
Updated: 2024-08-04T17:09:14.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-18845 |
vulnerable | 2026-06-08 05:11:14.816613 |
Details available
internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued.
Published: 2019-03-17T19:44:33.000Z
Updated: 2024-08-05T11:23:08.388Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-18619 |
vulnerable | 2026-06-08 05:11:14.362753 |
Details available
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
Published: 2018-11-29T22:00:00.000Z
Updated: 2024-08-05T11:16:00.167Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.