CVE-2017-18287
PvPGN Stats 2.4.6 is vulnerable to SQL injection in ladder/stats.php via the POST user_search parameter. The issue (CVE-2017-18287) allows an attacker to manipulate queries, potentially exposing the PvPGN database (including email, username, and password). No patch/version details are provided in...