CVE-2006-4714

SpoonLabs Vivvo Article Management CMS <3.2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4714. PoCs published by MercilessTurk.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in phpWordPress (Vivvo Article Manager) <=3.2. The vulnerability arises from the use of user-controlled input in an include statement when register_globals is enabled.

Description

PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by MercilessTurk · textwebappsphp
https://www.exploit-db.com/exploits/2339

This is a writeup describing a file inclusion vulnerability in phpWordPress (Vivvo Article Manager) <=3.2. The vulnerability arises from the use of user-controlled input in an include statement when register_globals is enabled.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: phpWordPress (Vivvo Article Manager) <=3.2
No auth needed
Prerequisites: register_globals = On · target software installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
perlwebappsphp
https://www.exploit-db.com/exploits/6789

This Perl script exploits multiple vulnerabilities in Vivvo CMS, including RFI, SQL injection, and blind SQL injection, targeting specific versions (3.2, 3.4). It automates detection and exploitation by fetching version info and attempting attacks based on the identified version.

Classification
Working Poc 95%
Attack Type
Rce | Sqli | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Vivvo CMS versions < 4 (specifically 3.2, 3.4)
No auth needed
Prerequisites: Network access to target Vivvo CMS instance · Vulnerable version of Vivvo CMS (< 4)
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84147
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21855
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3548
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2339
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28834

Scores

EPSS 0.0339
EPSS Percentile 87.2%

Details

Status published
Products (2)
spoonlabs/vivvo_article_management_cms 3.2
spoonlabs/vivvo_article_management_cms < 3.25
Published Sep 12, 2006
Tracked Since Feb 18, 2026