ID | CVE-2006-1747 | ||||||||||
Summary | PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503. | ||||||||||
References |
|
||||||||||
Vulnerable Configurations |
|
||||||||||
CVSS |
|
||||||||||
CWE | NVD-CWE-Other | ||||||||||
CAPEC |
|
||||||||||
Access |
|
||||||||||
Impact |
|
||||||||||
cvss-vector via4 | AV:N/AC:L/Au:N/C:P/I:P/A:P | ||||||||||
refmap via4 |
|
||||||||||
Last major update | 14-02-2024 - 01:17 | ||||||||||
Published | 12-04-2006 - 22:02 | ||||||||||
Last modified | 14-02-2024 - 01:17 |