Vulnerabilities > Vwar > Virtual WAR > 1.5.0.r4

DATE CVE VULNERABILITY TITLE RISK
2006-08-14 CVE-2006-4142 SQL Injection vulnerability in VWar Virtual WAR
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
network
low complexity
vwar
7.5
7.5
2006-06-22 CVE-2006-3139 SQL Injection vulnerability in Vwar Virtual WAR
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
network
low complexity
vwar CWE-89
7.5
7.5
2006-04-06 CVE-2006-1636 Code Injection vulnerability in Vwar Virtual WAR
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter.
network
low complexity
vwar CWE-94
7.5
7.5
2006-03-30 CVE-2006-1503 Code Injection vulnerability in Vwar Virtual WAR
PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter.
network
high complexity
vwar CWE-94
5.1
5.1