SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote malicious users to execute arbitrary SQL commands via the module parameter.
boka siteengine 7.1