CVE-2021-33484
OnyakTech Comments Pro 3.8 is affected in its CommentsService.ashx. An attacker can decompile the installer to find a hardcoded IV used to encrypt usernames and user IDs in the comment POST request, and can decrypt the encryption key by setting the encrypted value as the username, revealing the d...