CVE-2006-1503

Name of the Vulnerable Software and Affected Versions: Virtual War (VWar) versions 1.5.0 R11 and earlier

Description: The issue allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar root parameter. This is due to a PHP remote file inclusion vulnerability in the includes/functions install.php file.

Recommendations: For Virtual War (VWar) versions 1.5.0 R11 and earlier, consider restricting access to the includes/functions install.php file until a patch is available. As a temporary workaround, avoid using the vwar root parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.