Arko

**Name of the Vulnerable Software and Affected Versions** Virtual War (VWar) versions prior to 1.5 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `vwar root` parameter in the "admin.php" endpoint, which reveals the path in an error message. **Recommendations** For Virtual War (VWar) versions prior to 1.5, consider restricting access to the "admin.php" endpoint until a fix is available, and avoid using an invalid `vwar root` parameter to minimize the risk of exploitation.