5 matches found
CVE-2017-18287
PvPGN Stats 2.4.6 is vulnerable to SQL injection in ladder/stats.php via the POST user_search parameter. The issue (CVE-2017-18287) allows an attacker to manipulate queries, potentially exposing the PvPGN database (including email, username, and password). No patch/version details are provided in...
CVE-2017-18289
PvPGN Stats 2.4.6 contains an SQL injection in ladder/stats.php triggered by an unsafely handled GET type parameter. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE listing) as a SQL injection that could allow remote attackers to access the PvPGN database, potentially exp...
CVE-2017-18291
The CVE-2017-18291 issue affects PvPGN Stats 2.4.6, where the ladder/stats.php script is vulnerable to SQL injection via the GET parameter user due to failure to filter database queries. This vulnerability can lead to unauthorized access to the PvPGN database (including email, username and passwo...
CVE-2017-18288
The CVE-2017-18288 issue affects PvPGN Stats 2.4.6. A SQL injection exists in ladder/stats.php via the GET game parameter, due to insufficient input filtering in the code. This can allow an attacker to manipulate database queries, potentially accessing sensitive data. The connected Red Hat and CN...
CVE-2017-18290
CVE-2017-18290 affects PvPGN Stats 2.4.6. A SQL injection flaw exists in ladder/stats.php exploitable via the GET sort_direction parameter, enabling access to the PvPGN database (including emails, usernames, and passwords per CNVD). CVSS: 2.0/3.0 indicate high/critical impact on confidentiality, ...