Mercilessturk

**Name of the Vulnerable Software and Affected Versions** SpoonLabs Vivvo Article Management CMS versions 3.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `classified path` parameter when `register globals` is enabled. **Recommendations** For SpoonLabs Vivvo Article Management CMS versions 3.2 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `index.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `classified path` parameter in the affected URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SpoonLabs Vivvo Article Management CMS versions 3.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the pdf version.php file. **Recommendations** For versions 3.2 and earlier, consider restricting access to the pdf version.php file until a fix is available. As a temporary workaround, avoid using the `id` parameter in the vulnerable file to minimize the risk of exploitation.