WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more Multiple SQL Injection Vulnerabilities (5.2.5)

Description

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more version 5.2.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 5.2.6 or latest

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2717

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2718

https://plugins.svn.wordpress.org/joomsport-sports-league-results-management/trunk/readme.txt

Related Vulnerabilities

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14)

WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270)

Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

PHP Other Vulnerability (CVE-2002-0121)

TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-5102)

Severity

High

Classification

CVE-2022-2717 CVE-2022-2718 CWE-89 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection