1. CVE-Search
  2. CVE-2006-4142
ID CVE-2006-4142
Summary SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:vwar:virtual_war:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r1:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r1:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r2:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r2:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r3:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r3:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r4:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r4:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r5:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r5:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r6:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r6:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r7:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r7:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r8:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r8:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r9:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r9:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r10:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r10:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r11:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r11:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r12:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r12:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r13:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r13:*:*:*:*:*:*:*
  • cpe:2.3:a:vwar:virtual_war:1.5.0_r14:*:*:*:*:*:*:*
    cpe:2.3:a:vwar:virtual_war:1.5.0_r14:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19472
bugtraq 20060811 VWar <= 1.50 R14 (n) Remote SQL Injection
confirm http://www.vwar.de/
exploit-db 2170
sreason 1384
vim 20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke
xf virtualwar-online-sql-injection(28323)
Last major update 17-10-2018 - 21:33
Published 14-08-2006 - 23:04
Last modified 17-10-2018 - 21:33
Back to Top