Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php.

SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter.