Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3139

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3139
Last Modified 06 Aug 2013 03:53:33
Published 22 Jun 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3139

Summary

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

Vulnerable Systems

Application

  • Vwar Virtual War 1.5.0 R1

  • Vwar Virtual War 1.5.0 R10

  • Vwar Virtual War 1.5.0 R11

  • Vwar Virtual War 1.5.0 R12

  • Vwar Virtual War 1.5.0 R13

  • Vwar Virtual War 1.5.0 R14

  • Vwar Virtual War 1.5.0 R2

  • Vwar Virtual War 1.5.0 R3

  • Vwar Virtual War 1.5.0 R4

  • Vwar Virtual War 1.5.0 R5

  • Vwar Virtual War 1.5.0 R6

  • Vwar Virtual War 1.5.0 R7

  • Vwar Virtual War 1.5.0 R8

  • Vwar Virtual War 1.5.0 R9


References

XF - virtualwar-warphp-sql-injection(40481)

XF - virtualwar-war-sql-injection(27153)

VUPEN - ADV-2006-2383

BID - 27772

BUGTRAQ - 20080213 Re: Vwar New Bug

BUGTRAQ - 20060814 Virtual War v1.5.0 SQL injection and XSS

OSVDB - 26533

SECUNIA - 20696

MISC - http://pridels0.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html

BUGTRAQ - 20080213 Vwar New Bug


Last Updated: 27 May 2016 10:42:54