Detections
Analytics

CVE-2006-3884

critical

Description

Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27962

https://exchange.xforce.ibmcloud.com/vulnerabilities/27961

http://www.vupen.com/english/advisories/2006/2983

http://www.securityfocus.com/archive/1/441087/100/0/threaded

http://www.osvdb.org/27518

http://securitytracker.com/id?1016584

http://securityreason.com/securityalert/1287

http://secunia.com/advisories/21212

Details

Source: Mitre, NVD

Published: 2006-07-27

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0277