SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Virtual_war |
Vwar |
* |
1.5.0 (including) |
References