← Back

CVE-2006-1636

nvd nist
Published: Apr 6, 2006Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.

Affected (37)

Products: Vwar: Virtual War
Vwar
1 product
Virtual War
Configuration A
37 vulnerable
Vulnerable SoftwareAffected Versions
Vwar
Virtual War
Version 1.0.0
Virtual War
Version 1.0.1
Virtual War
Version 1.0.2
Virtual War
Version 1.0.3
Virtual War
Version 1.0.4
Virtual War
Version 1.0.5
Virtual War
Version 1.0.6
Virtual War
Version 1.0.7
Virtual War
Version 1.0.8
Virtual War
Version 1.0.9
Virtual War
Version 1.1.0
Virtual War
Version 1.1.1
Virtual War
Version 1.1.2
Virtual War
Version 1.1.3
Virtual War
Version 1.1.4
Virtual War
Version 1.1.5
Virtual War
Version 1.1.6
Virtual War
Version 1.1.7
Virtual War
Version 1.1.8
Virtual War
Version 1.2.0
Virtual War
Version 1.2.1
Virtual War
Version 1.2.2
Virtual War
Version 1.3
Virtual War
Version 1.4
Virtual War
Version 1.5.0_r10
Virtual War
Version 1.5.0_r11
Virtual War
Version 1.5.0_r12
Virtual War
Version 1.5.0_r1
Virtual War
Version 1.5.0_r2
Virtual War
Version 1.5.0_r3
Virtual War
Version 1.5.0_r4
Virtual War
Version 1.5.0_r5
Virtual War
Version 1.5.0_r6
Virtual War
Version 1.5.0_r7
Virtual War
Version 1.5.0_r8
Virtual War
Version 1.5.0_r9
Virtual War
Version 1.5

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.