CVE-2006-3884
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/07/2006
Last modified:
17/10/2018
Description
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:gonafish:linkscaffe:3.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/21212
- http://securityreason.com/securityalert/1287
- http://securitytracker.com/id?1016584=
- http://www.osvdb.org/27518
- http://www.securityfocus.com/archive/1/441087/100/0/threaded
- http://www.securityfocus.com/bid/19149
- http://www.vupen.com/english/advisories/2006/2983
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27961
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27962