Vulnerabilities > CVE-2006-1747 - Unspecified vulnerability in Vwar Virtual WAR 1.5.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
vwar
exploit available

Summary

PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503.

Vulnerable Configurations

Part Description Count
Application
Vwar
1

Exploit-Db

  • descriptionVWar 1.5 stats.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28356
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28356/
    titleVWar 1.5 stats.php vwar_root Parameter Remote File Inclusion
  • descriptionVWar 1.5 member.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28351
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28351/
    titleVWar 1.5 member.php vwar_root Parameter Remote File Inclusion
  • descriptionVWar 1.5 news.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28355
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28355/
    titleVWar 1.5 news.php vwar_root Parameter Remote File Inclusion
  • descriptionVWar 1.5 calendar.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28352
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28352/
    titleVWar 1.5 calendar.php vwar_root Parameter Remote File Inclusion
  • descriptionVWar 1.5 war.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28350
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28350/
    titleVWar 1.5 war.php vwar_root Parameter Remote File Inclusion
  • descriptionVWar 1.5 joinus.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28354
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28354/
    titleVWar 1.5 joinus.php vwar_root Parameter Remote File Inclusion
  • descriptionVWar 1.5 challenge.php vwar_root Parameter Remote File Inclusion. CVE-2006-1747. Webapps exploit for php platform
    idEDB-ID:28353
    last seen2016-02-03
    modified2006-08-07
    published2006-08-07
    reporterAG-Spider
    sourcehttps://www.exploit-db.com/download/28353/
    titleVWar 1.5 challenge.php vwar_root Parameter Remote File Inclusion
  • idEDB-ID:1658