2 matches found
CVE-2022-2718 JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2022-2718
Summary: CVE-2022-2718 affects the WordPress plugin “JoomSport – for Sports: Team & League, Football, Hockey & more.” The vulnerability is an SQL injection in the orderby parameter on the joomsport-page-extrafields page, before/during version 5.2.5. The root cause is insufficient escaping and ina...