
Stefan Keller

#48587 of 53,633
5.1 Total CVSS
Vulnerabilities · 1
PT-2006-2430
5.1
2006-03-28
Mambo · Akocomment · CVE-2006-1421
**Name of the Vulnerable Software and Affected Versions**

AkoComment version 2.0

**Description**

The issue concerns SQL injection vulnerabilities in the akocomment.php file of the AkoComment module for Mambo. With `magic_quotes_gpc` disabled, remote attackers can execute arbitrary SQL commands by manipulating the `acname` or `contentid` parameters.

**Recommendations**

For AkoComment version 2.0, consider disabling the use of the `acname` and `contentid` parameters in the akocomment.php file until a patch is available. Restrict access to the akocomment.php file to minimize the risk of exploitation. Avoid using the `acname` and `contentid` parameters in the affected module until the issue is resolved.