Lucene search

[email protected]NVD:CVE-2006-3884

HistoryJul 27, 2006 - 1:04 a.m.

CVE-2006-3884

2006-07-2701:04:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.012

Percentile

85.2%

JSON

Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.

Affected configurations

Nvd

Node

gonafishlinkscaffeMatch3.0

VendorProductVersionCPE
gonafishlinkscaffe3.0cpe:2.3:a:gonafish:linkscaffe:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gonafish	linkscaffe	3.0	cpe:2.3:a:gonafish:linkscaffe:3.0:::::::*

References

secunia.com/advisories/21212

securityreason.com/securityalert/1287

securitytracker.com/id?1016584

www.osvdb.org/27518

www.securityfocus.com/archive/1/441087/100/0/threaded

www.securityfocus.com/bid/19149

www.vupen.com/english/advisories/2006/2983

exchange.xforce.ibmcloud.com/vulnerabilities/27961

exchange.xforce.ibmcloud.com/vulnerabilities/27962

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.012

Percentile

85.2%

JSON

Related for NVD:CVE-2006-3884

cvelist1 cve1 exploitdb1