SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.Referenceshttp://www.osvdb.org/61974http://secunia.com/advisories/38253http://enanocms.org/Release_notes/1.0.6pl1
