PT-2006-2430 · Mambo · Akocomment

Stefan Keller · Published 2006-03-28 · Updated 2018-10-18 · CVE-2006-1421

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AkoComment version 2.0

Description

The issue concerns SQL injection vulnerabilities in the akocomment.php file of the AkoComment module for Mambo. With magic_quotes_gpc disabled, remote attackers can execute arbitrary SQL commands by manipulating the acname or contentid parameters.

Recommendations

For AkoComment version 2.0, avoid using the acname and contentid parameters in the akocomment.php file, or consider disabling them, until a patch is available. Restrict access to the akocomment.php file to minimize the risk of exploitation.

Fix


Related identifiers

CVE-2006-1421

Affected products

Akocomment