Virtual War versions 1.5.0 and below suffer from SQL injection flaws.
4bab84d3f460570e3110ca4dc434816ca26bbc3298f5e072f7b7d8787d173b07
VWar version 1.5.0 suffers from a SQL injection vulnerability in calendar.php. This particular version of VWar is already known to suffer from many other SQL injection vulnerabilities.
5bd18b9fcd088c43a87ef8c6ae3132f88f1c310468db05c761bebd03d03b66e7