CVE-2009-4623

Advanced Comment System 1.0 - Remote Code Execution via ACS_path Parameter


Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-4623. PoCs published by Kurd-Team, kernel-cyber, sammonsempes.

AI-analyzed exploit summary: This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Advanced Comment System 1.0. It provides exploit paths but lacks actual exploit code or payload details.

Description

Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.

Exploits (4)

exploitdb · Writeup · Verified
by Kurd-Team · text · webapps · php
https://www.exploit-db.com/exploits/9623

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Advanced Comment System 1.0. It provides exploit paths but lacks actual exploit code or payload details.

Classification: Writeup (90% confidence)
Attack type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Advanced Comment System 1.0
Authentication: none needed
Prerequisites: vulnerable version of Advanced Comment System 1.0 · ability to host a malicious file on a remote server
Analyzed by devstral-2, Feb 16, 2026
nomisec · Working PoC · 1 star
by kernel-cyber · poc
https://github.com/kernel-cyber/CVE-2009-4623

The repository contains a functional Python exploit for CVE-2009-4623, targeting a PHP remote file inclusion vulnerability in Advanced Comment System 1.0. The exploit sends a crafted request to execute arbitrary PHP code via the 'ACS_path' parameter, resulting in a reverse shell.

Classification: Working PoC (95% confidence)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Advanced Comment System 1.0
Authentication: none needed
Prerequisites: Target must have Advanced Comment System 1.0 installed · PHP 'allow_url_include' must be enabled · Network access to the target
Analyzed by devstral-2, Feb 18, 2026
nomisec · Working PoC
by sammonsempes · poc
https://github.com/sammonsempes/CVE-2009-4623

This repository contains a functional exploit script for CVE-2009-4623, which leverages a PHP file inclusion vulnerability to achieve remote command execution. The script sends crafted HTTP requests with a null byte termination to include malicious PHP code via the `ACS_path` parameter.

Classification: Working PoC (95% confidence)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Advanced Comment System (likely version 1.0 or similar)
Authentication: none needed
Prerequisites: Target must be running a vulnerable version of Advanced Comment System · The `admin.php` endpoint must be accessible · PHP must be configured to allow file inclusion via `php://input`
Analyzed by devstral-2, Feb 19, 2026
nomisec · Working PoC
by hupe1980 · poc
https://github.com/hupe1980/CVE-2009-4623

The repository contains a functional Python exploit for CVE-2009-4623, targeting Advanced Comment System 1.0. The exploit leverages a PHP null byte injection to execute arbitrary commands via a crafted POST request to 'index.php'.

Classification: Working PoC (100% confidence)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Advanced Comment System 1.0
Authentication: none needed
Prerequisites: Target must be running Advanced Comment System 1.0 · PHP must be configured to allow null byte injection
Analyzed by devstral-2, Feb 18, 2026

References (2)

Core references:
- http://secunia.com/advisories/36643 (Vendor Advisory · third-party-advisory · x_refsource_secunia)
- http://www.exploit-db.com/exploits/9623 (Exploit, Third Party Advisory, VDB Entry · exploit · x_refsource_exploit-db)

Scores

EPSS score: 0.0985
EPSS percentile: 94.9%

Details

CWE: CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Status: published
Products (1): plohni/advanced_comment_system 1.0
Published: Jan 18, 2010
Tracked since: Feb 18, 2026