CVE-2008-0753

Vwar Virtual War - SQL Injection

Title source: rule

Description

SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Pouya_Server · textwebappsphp

https://www.exploit-db.com/exploits/31134

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://securityreason.com/securityalert/3643

[Exploit] http://www.securityfocus.com/bid/27722

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487900/100/0/threaded

Scores

EPSS 0.0027

EPSS Percentile 49.7%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

vwar/virtual_war

Timeline

Published Feb 13, 2008

Tracked Since Feb 18, 2026