CVE-2006-3884

Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/19149	Exploit
http://securitytracker.com/id?1016584
http://secunia.com/advisories/21212
http://www.osvdb.org/27518
http://securityreason.com/securityalert/1287
http://www.vupen.com/english/advisories/2006/2983
https://exchange.xforce.ibmcloud.com/vulnerabilities/27962
https://exchange.xforce.ibmcloud.com/vulnerabilities/27961
http://www.securityfocus.com/archive/1/441087/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:gonafish:linkscaffe:3.0:*:*:*:*:*:*:*

Information

Published : 2006-07-26 18:04

Updated : 2018-10-17 14:32

NVD link : CVE-2006-3884

Mitre link : CVE-2006-3884

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

gonafish

linkscaffe

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/19149", "name": "19149", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016584", "name": "1016584", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/21212", "name": "21212", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/27518", "name": "27518", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/1287", "name": "1287", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/2983", "name": "ADV-2006-2983", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27962", "name": "linkscaffe-links-path-disclosure(27962)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961", "name": "linkscaffe-links-sql-injection(27961)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/441087/100/0/threaded", "name": "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3884", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-07-27T01:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gonafish:linkscaffe:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:32Z"}