Vulnerabilities > CVE-2007-2312 - Unspecified vulnerability in Vwar Virtual WAR 1.5.0R15

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
vwar
exploit available
NVD
Published: 2007-04-26
Updated: 2024-11-21

Summary

Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.

Vulnerable Configurations

Part Description Count
Application
Vwar
1

Exploit-Db

descriptionVWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability. CVE-2006-4142,CVE-2007-2312. Webapps exploit for php platform
fileexploits/php/webapps/2170.txt
idEDB-ID:2170
last seen2016-01-31
modified2006-08-10
platformphp
port
published2006-08-10
reporterbrOmstar
sourcehttps://www.exploit-db.com/download/2170/
titleVWar <= 1.50 R14 online.php Remote SQL Injection Vulnerability
typewebapps

References