Every CVE whose affected-product data names Vwar Virtual War, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2007-4605 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute…
CVE-2008-0753 — CVSS 7.5 (high): SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2006-1636 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP…
CVE-2006-1747 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the…
CVE-2006-4142 — CVSS 7.5 (high): SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary…
CVE-2010-5063 — CVSS 7.5 (high): SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via…
CVE-2007-2312 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary…
CVE-2006-3139 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary…
CVE-2006-4010 — CVSS 7.5 (high): SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands…
CVE-2006-4141 — CVSS 7.5 (high): SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands…
CVE-2010-5067 — CVSS 6.8 (medium): Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote…
CVE-2005-4748 — CVSS 6.8 (medium): PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute…
CVE-2006-1503 — CVSS 5.1 (medium): PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote…
CVE-2011-3813 — CVSS 5.0 (medium): Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals…
CVE-2006-2091 — CVSS 5.0 (medium): admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid…
CVE-2010-5065 — CVSS 5.0 (medium): popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a…
CVE-2010-5279 — CVSS 5.0 (medium): article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large…
CVE-2006-4009 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web…
CVE-2010-5066 — CVSS 4.3 (medium): The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to…
CVE-2006-4224 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject…
CVE-2007-2306 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when…
CVE-2010-5064 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web…