CVE-2007-3939
SpoonLabs Vivvo Article Management CMS < 3.40 - SQL Injection via Category Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2007-3939. PoCs published by Xianur0, ajann.
AI-analyzed exploit summary This Perl script exploits multiple vulnerabilities in Vivvo CMS, including RFI, SQL injection, and blind SQL injection. It checks the CMS version and attempts exploits based on known vulnerabilities for versions 3.2 and 3.4.
Description
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
Exploits (2)
This Perl script exploits multiple vulnerabilities in Vivvo CMS, including RFI, SQL injection, and blind SQL injection. It checks the CMS version and attempts exploits based on known vulnerabilities for versions 3.2 and 3.4.
This is a JavaScript-based blind SQL injection exploit targeting Vivvo CMS <= 3.4. It automates the extraction of user password hashes by testing ASCII values of characters in the password field.