Vulnerabilities > CVE-2006-4715 - SQL Injection vulnerability in Spoonlabs Vivvo Article Management CMS 3.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. This vulnerability is addressed in a patch for version 3.25 of this product.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description Vivvo CMS <= 3.4 Multiple Vulnerabilities Destroyer Exploit. CVE-2006-4714,CVE-2006-4715,CVE-2007-3939. Webapps exploit for php platform id EDB-ID:6789 last seen 2016-02-01 modified 2008-10-19 published 2008-10-19 reporter Xianur0 source https://www.exploit-db.com/download/6789/ title Vivvo CMS <= 3.4 - Multiple Vulnerabilities Destroyer Exploit description Vivvo Article Manager <= 3.2 (id) Remote SQL Injection Vulnerability. CVE-2006-4715. Webapps exploit for php platform file exploits/php/webapps/2337.txt id EDB-ID:2337 last seen 2016-01-31 modified 2006-09-09 platform php port published 2006-09-09 reporter MercilessTurk source https://www.exploit-db.com/download/2337/ title Vivvo Article Manager <= 3.2 id Remote SQL Injection Vulnerability type webapps
References
- http://secunia.com/advisories/21855
- http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html
- http://www.securityfocus.com/bid/19934
- http://www.vupen.com/english/advisories/2006/3548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28833
- https://www.exploit-db.com/exploits/2337