ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/79927
http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html