Vwar: >> Virtual War >> 1.5.0_r1 Security Vulnerabilities
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2006-08-14
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
CVSS Score
7.5
EPSS Score
0.013
Published
2006-06-22
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.
CVSS Score
7.5
EPSS Score
0.018
Published
2006-04-06
PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1636.
CVSS Score
5.1
EPSS Score
0.018
Published
2006-03-30