CVE-2006-3139

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

Published: 2006-06-22 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2006-3139 is rated Moderate Risk (57.6/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.31%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-3139

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-07-16	1.37%	1.31%	-0.05%
2	2025-03-30	1.34%	1.37%	+0.03%
3	2025-03-29	—	1.34%	—

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-3139

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Weakness enumeration for CVE-2006-3139

CWE-89 MITRE ↗

Affected software / configurations for CVE-2006-3139

Vendor	Product	Version	Raw CPE
vwar	virtual_war	<= 1.5.0_r14	cpe:2.3:a:vwar:virtual_war::::::::
vwar	virtual_war	1.5.0_r1	cpe:2.3:a:vwar:virtual_war:1.5.0_r1:::::::*
vwar	virtual_war	1.5.0_r2	cpe:2.3:a:vwar:virtual_war:1.5.0_r2:::::::*
vwar	virtual_war	1.5.0_r3	cpe:2.3:a:vwar:virtual_war:1.5.0_r3:::::::*
vwar	virtual_war	1.5.0_r4	cpe:2.3:a:vwar:virtual_war:1.5.0_r4:::::::*
vwar	virtual_war	1.5.0_r5	cpe:2.3:a:vwar:virtual_war:1.5.0_r5:::::::*
vwar	virtual_war	1.5.0_r6	cpe:2.3:a:vwar:virtual_war:1.5.0_r6:::::::*
vwar	virtual_war	1.5.0_r7	cpe:2.3:a:vwar:virtual_war:1.5.0_r7:::::::*
vwar	virtual_war	1.5.0_r8	cpe:2.3:a:vwar:virtual_war:1.5.0_r8:::::::*
vwar	virtual_war	1.5.0_r9	cpe:2.3:a:vwar:virtual_war:1.5.0_r9:::::::*
vwar	virtual_war	1.5.0_r10	cpe:2.3:a:vwar:virtual_war:1.5.0_r10:::::::*
vwar	virtual_war	1.5.0_r11	cpe:2.3:a:vwar:virtual_war:1.5.0_r11:::::::*
vwar	virtual_war	1.5.0_r12	cpe:2.3:a:vwar:virtual_war:1.5.0_r12:::::::*
vwar	virtual_war	1.5.0_r13	cpe:2.3:a:vwar:virtual_war:1.5.0_r13:::::::*

References for CVE-2006-3139

URL	Tags
http://archives.neohapsis.com/archives/bugtraq/2008-02/0186.html
http://pridels0.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html
http://secunia.com/advisories/20696	Vendor Advisory
http://www.osvdb.org/26533
http://www.securityfocus.com/archive/1/443171/100/0/threaded
http://www.securityfocus.com/archive/1/488118/100/200/threaded
http://www.securityfocus.com/bid/27772
http://www.vupen.com/english/advisories/2006/2383	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27153
https://exchange.xforce.ibmcloud.com/vulnerabilities/40481

cvelogic Threat Intelligence