Vulnerability Name:
CVE-2006-1636 (CCN-25630)
Assigned:
2006-04-02
Published:
2006-04-02
Updated:
2018-10-18
Summary:
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter.
Note
: this is a different vulnerability than
CVE-2006-1503
.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
7.5 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-94
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Sun Apr 02 2006 - 05:13:03 CDT
VWar <= 1.5.0 R12 Remote File Inclusion Exploit
Source: MITRE
Type: CNA
CVE-2006-1636
Source: MISC
Type: Exploit
http://downloads.securityfocus.com/vulnerabilities/exploits/VWar_1.5.0_R12.pl
Source: CCN
Type: SA19524
Virtual War "vwar_root" File Inclusion Vulnerabilities
Source: SECUNIA
Type: Patch, Vendor Advisory
19524
Source: OSVDB
Type: UNKNOWN
24480
Source: CCN
Type: OSVDB ID: 24480
Virtual War (Vwar) includes/get_header.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 24482
Virtual War (Vwar) includes/functions_front.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29113
Virtual War (Vwar) war.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29114
Virtual War (Vwar) member.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29115
Virtual War (Vwar) calendar.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29116
Virtual War (Vwar) challenge.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29117
Virtual War (Vwar) joinus.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29118
Virtual War (Vwar) news.php vwar_root Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 29119
Virtual War (Vwar) stats.php vwar_root Parameter Remote File Inclusion
Source: BUGTRAQ
Type: UNKNOWN
20060402 VWar <= 1.5.0 R12 Remote File Inclusion Exploit
Source: BID
Type: Exploit
17358
Source: CCN
Type: BID-17358
VWar Get_header.PHP Remote File Include Vulnerability
Source: VUPEN
Type: Vendor Advisory
ADV-2006-1228
Source: CCN
Type: Virtual War Web site
VWar - Virtual War
Source: XF
Type: UNKNOWN
virtualwar-getheader-file-include(25630)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:vwar:virtual_war:1.0.0:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.1:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.2:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.3:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.4:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.5:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.6:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.7:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.8:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.0.9:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.0:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.1:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.2:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.3:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.4:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.5:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.6:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.7:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.1.8:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.2.0:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.2.1:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.2.2:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.3:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.4:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r1:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r2:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r3:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r4:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r5:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r6:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r7:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r8:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r9:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r10:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r11:*:*:*:*:*:*:*
OR
cpe:/a:vwar:virtual_war:1.5.0_r12:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/h:xerox:document_centre_340:*:*:*:*:*:*:*:*
OR
cpe:/h:xerox:document_centre_220:*:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
vwar
virtual war 1.0.0
vwar
virtual war 1.0.1
vwar
virtual war 1.0.2
vwar
virtual war 1.0.3
vwar
virtual war 1.0.4
vwar
virtual war 1.0.5
vwar
virtual war 1.0.6
vwar
virtual war 1.0.7
vwar
virtual war 1.0.8
vwar
virtual war 1.0.9
vwar
virtual war 1.1.0
vwar
virtual war 1.1.1
vwar
virtual war 1.1.2
vwar
virtual war 1.1.3
vwar
virtual war 1.1.4
vwar
virtual war 1.1.5
vwar
virtual war 1.1.6
vwar
virtual war 1.1.7
vwar
virtual war 1.1.8
vwar
virtual war 1.2.0
vwar
virtual war 1.2.1
vwar
virtual war 1.2.2
vwar
virtual war 1.3
vwar
virtual war 1.4
vwar
virtual war 1.5
vwar
virtual war 1.5.0_r1
vwar
virtual war 1.5.0_r2
vwar
virtual war 1.5.0_r3
vwar
virtual war 1.5.0_r4
vwar
virtual war 1.5.0_r5
vwar
virtual war 1.5.0_r6
vwar
virtual war 1.5.0_r7
vwar
virtual war 1.5.0_r8
vwar
virtual war 1.5.0_r9
vwar
virtual war 1.5.0_r10
vwar
virtual war 1.5.0_r11
vwar
virtual war 1.5.0_r12
xerox
document centre 340 *
xerox
document centre 220 *
php
php 5.2.0
Denotes that component is vulnerable