CVE-2007-2312 - OpenCVE

Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Vwar	Virtual War

Configuration 1 [-]

cpe:2.3:a:vwar:virtual_war:1.5.0_r15:*:*:*:*:*:*:*

References

Link	Resource
http://securityreason.com/securityalert/2642
http://www.attrition.org/pipermail/vim/2007-April/001519.html	Exploit
http://www.securityfocus.com/archive/1/465612/100/0/threaded
http://www.securityfocus.com/bid/23478	Exploit
http://www.waraxe.us/advisory-48.html	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/33649

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-26T21:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-04-26T00:00:00

Link: CVE-2007-2312

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-26T21:19:00.000

Modified: 2018-10-16T16:43:09.790

Link: CVE-2007-2312

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"}, {"name": "vwar-online-sql-injection(33649)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"}, {"name": "23478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23478"}, {"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"}, {"name": "2642", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2642"}, {"tags": ["x_refsource_MISC"], "url": "http://www.waraxe.us/advisory-48.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070413 DUP?: [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"}, {"name": "vwar-online-sql-injection(33649)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"}, {"name": "23478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23478"}, {"name": "20070413 [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"}, {"name": "2642", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2642"}, {"name": "http://www.waraxe.us/advisory-48.html", "refsource": "MISC", "url": "http://www.waraxe.us/advisory-48.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2312", "datePublished": "2007-04-26T21:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vwar:virtual_war:1.5.0_r15:*:*:*:*:*:*:*", "matchCriteriaId": "B7FAD0E2-D7F0-4173-96BA-1675CCEB16DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Virtual War (VWar) 1.5.0 R15 m\u00f3dulo para PHP-Nuke permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro n en extra/online.php y otros scripts no especificados en extra/.\r\nNOTA: esta podr\u00eda ser la misma vulnerabilidad que CVE-2006-4142; sin embargo, hay un anuncio de reparaci\u00f3n del fabricante interviniente."}], "id": "CVE-2007-2312", "lastModified": "2018-10-16T16:43:09.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-26T21:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2642"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.attrition.org/pipermail/vim/2007-April/001519.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/465612/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23478"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.waraxe.us/advisory-48.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33649"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}