ID CVE-2006-4141
Summary SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:vwar:virtual_war:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0:r1:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0:r1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20060809 Virtual War v1.5.0 <= Sql Injection vuln.
sreason 1383
xf virtualwar-news-sql-injection(28332)
Last major update 17-10-2018 - 21:33
Published 14-08-2006 - 23:04
Last modified 17-10-2018 - 21:33
Back to Top