Vulnerabilities > CVE-2006-4714 - Remote Security vulnerability in Spoonlabs Vivvo Article Management CMS 3.2

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
spoonlabs
exploit available

Summary

PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. Successful exploitation requires that "register_globals" is enabled. This vulnerability is addressed in a patch for version 3.25 of the product.

Vulnerable Configurations

Part Description Count
Application
Spoonlabs
2

Exploit-Db

  • descriptionVivvo CMS <= 3.4 Multiple Vulnerabilities Destroyer Exploit. CVE-2006-4714,CVE-2006-4715,CVE-2007-3939. Webapps exploit for php platform
    idEDB-ID:6789
    last seen2016-02-01
    modified2008-10-19
    published2008-10-19
    reporterXianur0
    sourcehttps://www.exploit-db.com/download/6789/
    titleVivvo CMS <= 3.4 - Multiple Vulnerabilities Destroyer Exploit
  • descriptionVivvo Article Manager <= 3.2 (classified_path) File Include Vulnerability. CVE-2006-4714. Webapps exploit for php platform
    fileexploits/php/webapps/2339.txt
    idEDB-ID:2339
    last seen2016-01-31
    modified2006-09-09
    platformphp
    port
    published2006-09-09
    reporterMercilessTurk
    sourcehttps://www.exploit-db.com/download/2339/
    titleVivvo Article Manager <= 3.2 - classified_path File Include Vulnerability
    typewebapps