Advanced Comment System 1.0 SQL Injection

Advanced Comment System version 1.0 suffers from a remote SQL injection vulnerability.

MD5 | 2e410b3407ce4a5c6db3c52fa0679770

# Exploit Title: SQL injection in Advanced comment system v1.0
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
# Software Link:
# Version: Advanced comment system v1.0
# Tested on: All
# CVE : CVE-2018-18619
# Category: webapps

1. Description

The PHP page internal/advanced_comment_system/admin.php in Advanced Comment
System 1.0 is prone to an SQL injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.
This allows remote attackers to carry out SQL injection via a URL in the
"page" parameter.
The product is discontinued.

2. Proof of Concept


3. Solution:

The product is discontinued.
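
Since no fix is offered, the following added example (not part of the original advisory and not the vendor's code) shows one way to review web server access logs for requests to the affected page whose "page" parameter is not a plain URL. The combined log format, the URL allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "/internal/advanced_comment_system/admin.php"  # from the advisory
PARAM = "page"                                             # from the advisory

# Assumed log format: Apache/nginx "combined"; only the request line is used.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

# Assumption: a legitimate value is a plain http(s) URL built from this alphabet.
PLAIN_URL_RE = re.compile(
    r"^https?://[A-Za-z0-9.-]+(:\d+)?(/[A-Za-z0-9._~/-]*)?(\?[A-Za-z0-9._~&=-]*)?$"
)

def fully_decode(value, rounds=5):
    """Undo repeated percent-encoding so a value like %2527 is seen as a quote."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def is_plain_url(value):
    """True if the decoded value is a plain URL with no SQL comment marker."""
    value = fully_decode(value)
    return bool(PLAIN_URL_RE.match(value)) and "--" not in value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests to the affected page
    whose 'page' parameter is not a plain URL."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        target = urlsplit(match.group(1)) if match else None
        if target is None or not target.path.endswith(VULN_PATH):
            continue
        for value in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            if not is_plain_url(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Oct/2018:10:00:01 +0000] "GET /internal/advanced_comment_system/admin.php?page=http%3A%2F%2Fexample.test%2Fpost.php%3Fid%3D3 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [29/Oct/2018:10:00:07 +0000] "GET /internal/advanced_comment_system/admin.php?page=http%3A%2F%2Fexample.test%2Fpost%2527-- HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.5 - - [29/Oct/2018:10:00:09 +0000] "GET /index.php?page=2 HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious page value {value!r}")
```

The same allowlist check can be placed in front of the application as a request filter; values it rejects are worth reviewing even when the response status was 200.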

