Virtual War Security Vulnerabilities and Issues — Virtual War CVE List

Lucene search

VwarVirtual War

10 matches found

CVE•added 2007/08/31 12:17 a.m.•206 views

CVE-2007-4605

PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.

7.5CVSS7.2AI score0.08058EPSS

CVE•added 2006/04/12 10:2 p.m.•54 views

CVE-2006-1747

PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) p...

7.5CVSS7.5AI score0.08058EPSS

CVE•added 2006/04/06 10:4 a.m.•46 views

CVE-2006-1636

PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.

7.5CVSS7.2AI score0.01834EPSS

CVE•added 2006/06/22 10:6 p.m.•45 views

CVE-2006-3139

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

7.5CVSS8.4AI score0.01314EPSS

CVE•added 2008/02/13 8:0 p.m.•42 views

CVE-2008-0753

SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.

7.5CVSS8.4AI score0.00266EPSS

CVE•added 2006/08/07 7:4 p.m.•40 views

CVE-2006-4010

SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139.

7.5CVSS8.2AI score0.02116EPSS

CVE•added 2006/08/14 11:4 p.m.•40 views

CVE-2006-4142

SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.

7.5CVSS8.3AI score0.00916EPSS

CVE•added 2007/04/26 9:19 p.m.•40 views

CVE-2007-2312

Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, ...

7.5CVSS8.5AI score0.00916EPSS

CVE•added 2012/10/08 10:47 a.m.•40 views

CVE-2010-5063

SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.

7.5CVSS8.7AI score0.00424EPSS

CVE•added 2006/08/14 11:4 p.m.•29 views

CVE-2006-4141

SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.

7.5CVSS8.8AI score0.00468EPSS