Vulnerabilities > CVE-2006-4714 - Remote Security vulnerability in Spoonlabs Vivvo Article Management CMS 3.2
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. Successful exploitation requires that "register_globals" is enabled. This vulnerability is addressed in a patch for version 3.25 of the product.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description Vivvo CMS <= 3.4 Multiple Vulnerabilities Destroyer Exploit. CVE-2006-4714,CVE-2006-4715,CVE-2007-3939. Webapps exploit for php platform id EDB-ID:6789 last seen 2016-02-01 modified 2008-10-19 published 2008-10-19 reporter Xianur0 source https://www.exploit-db.com/download/6789/ title Vivvo CMS <= 3.4 - Multiple Vulnerabilities Destroyer Exploit description Vivvo Article Manager <= 3.2 (classified_path) File Include Vulnerability. CVE-2006-4714. Webapps exploit for php platform file exploits/php/webapps/2339.txt id EDB-ID:2339 last seen 2016-01-31 modified 2006-09-09 platform php port published 2006-09-09 reporter MercilessTurk source https://www.exploit-db.com/download/2339/ title Vivvo Article Manager <= 3.2 - classified_path File Include Vulnerability type webapps
References
- http://secunia.com/advisories/21855
- http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html
- http://www.securityfocus.com/bid/84147
- http://www.vupen.com/english/advisories/2006/3548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28834
- https://www.exploit-db.com/exploits/2339