Virtual War@* Security Vulnerabilities and Issues — Virtual War@* CVE List

Lucene search

VwarVirtual War*

5 matches found

CVE•added 2007/08/31 12:17 a.m.•206 views

CVE-2007-4605

PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.

7.5CVSS7.2AI score0.06976EPSS

CVE•added 2006/06/22 10:6 p.m.•45 views

CVE-2006-3139

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

7.5CVSS8.4AI score0.01314EPSS

CVE•added 2006/08/18 8:4 p.m.•43 views

CVE-2006-4224

Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.

4.3CVSS5.7AI score0.03175EPSS

CVE•added 2007/04/26 9:19 p.m.•43 views

CVE-2007-2306

Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to...

4.3CVSS5.9AI score0.00351EPSS

CVE•added 2006/08/14 11:4 p.m.•29 views

CVE-2006-4141

SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.

7.5CVSS8.8AI score0.00468EPSS