Vulnerabilities > Vwar > Virtual WAR > 1.5.0.r4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-14 | CVE-2006-4142 | SQL Injection vulnerability in VWar Virtual WAR SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter. | 7.5 |
2006-06-22 | CVE-2006-3139 | SQL Injection vulnerability in Vwar Virtual WAR Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters. | 7.5 |
2006-04-06 | CVE-2006-1636 | Code Injection vulnerability in Vwar Virtual WAR PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. | 7.5 |
2006-03-30 | CVE-2006-1503 | Code Injection vulnerability in Vwar Virtual WAR PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. | 5.1 |