Virtual War Security Vulnerabilities and Issues — Virtual War CVE List

Lucene search

VwarVirtual War

11 matches found

CVE•added 2006/03/30 1:6 a.m.•58 views

CVE-2006-1503

PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1636.

5.1CVSS7.2AI score0.01617EPSS

CVE•added 2006/04/12 10:2 p.m.•54 views

CVE-2006-1747

PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) p...

7.5CVSS7.5AI score0.06976EPSS

CVE•added 2006/04/06 10:4 a.m.•46 views

CVE-2006-1636

PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.

7.5CVSS7.2AI score0.01617EPSS

CVE•added 2006/06/22 10:6 p.m.•45 views

CVE-2006-3139

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

7.5CVSS8.4AI score0.01314EPSS

CVE•added 2006/08/07 7:4 p.m.•44 views

CVE-2006-4009

Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3CVSS5.7AI score0.03175EPSS

CVE•added 2006/08/18 8:4 p.m.•43 views

CVE-2006-4224

Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.

4.3CVSS5.7AI score0.03175EPSS

CVE•added 2006/08/07 7:4 p.m.•40 views

CVE-2006-4010

SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139.

7.5CVSS8.2AI score0.02116EPSS

CVE•added 2006/08/14 11:4 p.m.•40 views

CVE-2006-4142

SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.

7.5CVSS8.3AI score0.00916EPSS

CVE•added 2006/04/29 10:2 a.m.•37 views

CVE-2006-2091

admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.

5CVSS6.2AI score0.00391EPSS

CVE•added 2006/03/30 1:0 a.m.•36 views

CVE-2005-4748

PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file ...

6.8CVSS7.9AI score0.00734EPSS

CVE•added 2006/08/14 11:4 p.m.•29 views

CVE-2006-4141

SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.

7.5CVSS8.8AI score0.00468EPSS