VYPR

AkoComment

by Mambo (software)

CVEs (2)

  • CVE-2006-4281Aug 21, 2006
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-1421Mar 28, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter.