
FrSIRT:
Vivvo Article Management CMS SQL Injection and PHP File Inclusion Vulnerabilities
September 18, 2006 @ 14:08:57

The FrSIRT site has posted a new advisory for users of the Vivvo Article Management CMS software about vulnerabilities that could allow some very large-scale damage to be done.

Multiple vulnerabilities have been identified in Vivvo Article Management CMS, which could be exploited by remote attackers to compromise a vulnerable server.

The first issue is due to an input validation error in the "pdf_version.php" script that does not validate the "id" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.

The second vulnerability is due to an input validation error in the "index.php" script that does not validate the "classified_path" parameter, which may be exploited by remote attackers to include local or remote scripts with the privileges of the web server.

Versions 3.2 and higher of the software are affected and, unfortunately, no patch has been issued.
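
As an added example (not code from Vivvo or from the FrSIRT advisory), the PHP below shows the input handling that closes both bug classes: "id" is accepted only as an integer and bound as a query parameter, and "classified_path" is treated as a key into a fixed allowlist instead of a path. The function names, the articles table, the module map and the assumption that "classified_path" selects a module are all hypothetical; the demo data is constructed and needs PDO with the SQLite driver.

```php
<?php
declare(strict_types=1);
// Hypothetical handlers (not Vivvo's code); table and module names are assumptions.

/** Accept "id" only when it is a positive integer; reject everything else. */
function parse_article_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look the article up with a bound parameter, so "id" never becomes SQL text. */
function fetch_article(PDO $db, $rawId): ?array
{
    $id = parse_article_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Treat "classified_path" as a key into a fixed map; request data is never used as a path. */
function resolve_module(string $baseDir, $raw): ?string
{
    $allowed = ['classifieds' => 'classifieds/main.php']; // assumed module map
    if (!is_string($raw) || !isset($allowed[$raw])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $allowed[$raw]);
    // Defence in depth: the resolved file must exist and stay under the base directory.
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: in-memory database and a temporary module tree.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles VALUES (7, 'Constructed sample article')");
$base = sys_get_temp_dir() . '/vivvo_demo_' . uniqid();
mkdir($base . '/classifieds', 0700, true);
touch($base . '/classifieds/main.php');
var_dump(fetch_article($db, '7'), fetch_article($db, '7abc'));
var_dump(resolve_module($base, 'classifieds'), resolve_module($base, '../classifieds/main.php'));
```

Both functions return null for input that fails validation, so the caller can answer with an error instead of running a query or an include on it.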


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework