SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Virtual_war | Vwar | * | 1.5.0 (including) |