This patches a weblinks SQL injection hole reported here - http://www.securityfocus.com/bid/18492/info.

Just extract the patch into your existing mambo installation.  It has the correct structure.  Or if you prefer to manually patch the hole then open /components/com_weblinks/weblinks.php and at line 250 add the following two lines:

$row->title = $database->getEscaped($row->title);
$row->catid = $database->getEscaped($row->catid);
