Design/Logic Flaw

2006-04-2910:02:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.

CPENameOperatorVersion
virtual_wareq1.0.8
virtual_wareq1.1.8
virtual_wareq1.0.4
virtual_wareq1.5
virtual_wareq1.1.5
virtual_wareq1.1.0
virtual_wareq1.1.6
virtual_wareq1.0.6
virtual_wareq1.0.1
virtual_wareq1.0.9

Name	Operator	Version
virtual_war	eq	1.0.8
virtual_war	eq	1.1.8
virtual_war	eq	1.0.4
virtual_war	eq	1.5
virtual_war	eq	1.1.5
virtual_war	eq	1.1.0
virtual_war	eq	1.1.6
virtual_war	eq	1.0.6
virtual_war	eq	1.0.1
virtual_war	eq	1.0.9