CVE-2006-3884

Name of the Vulnerable Software and Affected Versions Gonafish LinksCaffe version 3.0

Description The issue allows remote attackers to execute arbitrary SQL commands via the offset and limit parameters, newdays parameter in a new action, and the link id parameter in a deadlink action. This can also be used for path disclosure by forcing a SQL error or to modify PHP files using OUTFILE.

Recommendations For Gonafish LinksCaffe version 3.0, consider restricting access to the links.php file and validating user input for the offset, limit, newdays, and link id parameters to prevent SQL injection attacks. As a temporary workaround, consider disabling the links.php file until a patch is available.