2 matches found
JoomSport <= 5.7.7 - SQL Injection
The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...
PT-2025-5636 · Tshock · Tshock
Name of the Vulnerable Software and Affected Versions: TShock affected versions not specified Description: This issue allows malicious clients to connect to a server without completing the connection handshake, occupying a player slot, and receiving data from the server, even if they are banned...