Vulnerability Name:

CVE-2005-4748 (CCN-25497)

Assigned:2005-12-31
Published:2005-12-31
Updated:2008-09-05
Summary:PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors.
Note: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Mar 28 2006 - 01:00:16 CST
VWar <= 1.5.0 R11 Remote Code Execution Exploit

Source: CCN
Type: BugTraq Mailing List, Sat Apr 08 2006 - 08:27:58 CDT
Virtual War File Inclusion

Source: MITRE
Type: CNA
CVE-2005-4748

Source: MITRE
Type: CNA
CVE-2006-1503

Source: MITRE
Type: CNA
CVE-2006-1747

Source: CCN
Type: SA19438
Virtual War "vwar_root" File Inclusion Vulnerability

Source: CCN
Type: OSVDB ID: 24239
Virtual War (Vwar) includes/functions_install.php vwar_root Parameter Remote File Inclusion

Source: CCN
Type: OSVDB ID: 24606
Virtual War (Vwar) functions_admin.php Remote File Inclusion

Source: CCN
Type: OSVDB ID: 38986
Virtual War (VWar) convert/mvcw.php vwar_root Parameter Remote File Inclusion

Source: CCN
Type: BID-17290
VWar Functions_install.PHP Remote File Include Vulnerability

Source: BID
Type: Patch
17315

Source: CCN
Type: BID-17315
VWar Functions_Admin.PHP Remote File Include Vulnerability

Source: CCN
Type: BID-17443
VWar Admin.PHP Remote File Include Vulnerability

Source: CCN
Type: BID-19387
VWar Multiple Remote File Include Vulnerabilities

Source: CCN
Type: Virtual War Web site
VWar - Virtual War

Source: CONFIRM
Type: UNKNOWN
http://www.vwar.de/

Source: XF
Type: UNKNOWN
virtual-war-multiple-file-include(25497)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vwar:virtual_war:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:vwar:virtual_war:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:vwar:virtual_war:1.5.0_r10:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vwar virtual war 1.3
    vwar virtual war 1.4
    vwar virtual war 1.5.0_r10