PT-2006-2430 · Mambo · Akocomment

Stefan Keller · Published 2006-03-28 · Updated 2018-10-18 · CVE-2006-1421

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AkoComment version 2.0

Description

The issue concerns SQL injection vulnerabilities in the akocomment.php file of the AkoComment module for Mambo. With magic_quotes_gpc disabled, remote attackers can execute arbitrary SQL commands by manipulating the acname or contentid parameters.

Recommendations

For AkoComment version 2.0, consider disabling the use of the acname and contentid parameters in the akocomment.php file until a patch is available. Restrict access to the akocomment.php file to minimize the risk of exploitation. Avoid using the acname and contentid parameters in the affected module until the issue is resolved.


Related Identifiers

CVE-2006-1421

Affected Products

Akocomment