Vulnerabilities > CVE-2007-2312 - SQL-Injection vulnerability in Vwar Virtual WAR 1.5.0R15
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability. CVE-2006-4142,CVE-2007-2312. Webapps exploit for php platform |
| file | exploits/php/webapps/2170.txt |
| id | EDB-ID:2170 |
| last seen | 2016-01-31 |
| modified | 2006-08-10 |
| platform | php |
| port | |
| published | 2006-08-10 |
| reporter | brOmstar |
| source | https://www.exploit-db.com/download/2170/ |
| title | VWar <= 1.50 R14 online.php Remote SQL Injection Vulnerability |
| type | webapps |
References
- http://securityreason.com/securityalert/2642
- http://www.attrition.org/pipermail/vim/2007-April/001519.html
- http://www.securityfocus.com/archive/1/465612/100/0/threaded
- http://www.securityfocus.com/bid/23478
- http://www.waraxe.us/advisory-48.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33649