CVE-2022-4871
CVE-2022-4871 affects nflpick-em.com up to version 2.2.x. The vulnerability is in the _Load_Users function of html/includes/runtime/admin/JSON/LoadUsers.php, where manipulating the sort parameter enables SQL injection. The administrative JSON entrypoint is required for exploitation, and remote in...