Lucene search

[email protected]CVE-2006-3884

HistoryJul 27, 2006 - 1:04 a.m.

CVE-2006-3884

2006-07-2701:04:00

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

gonafish linkscaffe 3.0

remote attackers

execute arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.2%

JSON

Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.

Affected configurations

NVD

Node

gonafishlinkscaffeMatch3.0

CPENameOperatorVersion
gonafish:linkscaffegonafish linkscaffeeq3.0

CPE	Name	Operator	Version
gonafish:linkscaffe	gonafish linkscaffe	eq	3.0

References

secunia.com/advisories/21212

securityreason.com/securityalert/1287

securitytracker.com/id?1016584

www.osvdb.org/27518

www.securityfocus.com/archive/1/441087/100/0/threaded

www.securityfocus.com/bid/19149

www.vupen.com/english/advisories/2006/2983

exchange.xforce.ibmcloud.com/vulnerabilities/27961

exchange.xforce.ibmcloud.com/vulnerabilities/27962

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2006-3884

cvelist1 nvd1