
CVE-2013-1852

Published: 05/02/2014 Updated: 05/02/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

Vulnerable Product

kolja schleich leaguemanager

kolja schleich leaguemanager 3.7

kolja schleich leaguemanager 3.6.9

kolja schleich leaguemanager 3.5.2

kolja schleich leaguemanager 3.5.1

kolja schleich leaguemanager 3.5

kolja schleich leaguemanager 3.4.2

kolja schleich leaguemanager 3.1.7

kolja schleich leaguemanager 3.1.6

kolja schleich leaguemanager 3.1.5

kolja schleich leaguemanager 3.1.4

kolja schleich leaguemanager 2.9

kolja schleich leaguemanager 3.6.7

kolja schleich leaguemanager 3.4.1

kolja schleich leaguemanager 3.2

kolja schleich leaguemanager 1.4.2

kolja schleich leaguemanager 3.1.1

kolja schleich leaguemanager 2.4.1

kolja schleich leaguemanager 2.1

kolja schleich leaguemanager 3.5.3

kolja schleich leaguemanager 2.6.3

kolja schleich leaguemanager 3.1.8

kolja schleich leaguemanager 2.9.1

kolja schleich leaguemanager 3.6.5

kolja schleich leaguemanager 3.6

kolja schleich leaguemanager 3.1.3

kolja schleich leaguemanager 2.9.3

kolja schleich leaguemanager 1.5

kolja schleich leaguemanager 2.8

kolja schleich leaguemanager 3.5.5

kolja schleich leaguemanager 3.4

kolja schleich leaguemanager 2.0

kolja schleich leaguemanager 3.0.4

kolja schleich leaguemanager 2.6.1

kolja schleich leaguemanager 2.7.1

kolja schleich leaguemanager 3.6.8

kolja schleich leaguemanager 1.2.2

kolja schleich leaguemanager 3.0.3

kolja schleich leaguemanager 2.2

kolja schleich leaguemanager 3.5.6

kolja schleich leaguemanager 3.0.2

kolja schleich leaguemanager 2.5.2

kolja schleich leaguemanager 2.9.2

kolja schleich leaguemanager 3.6.2

kolja schleich leaguemanager 3.1.9

kolja schleich leaguemanager 3.0.1

kolja schleich leaguemanager 1.3

kolja schleich leaguemanager 2.4

kolja schleich leaguemanager 3.6.1

kolja schleich leaguemanager 1.1

kolja schleich leaguemanager 3.1.2

kolja schleich leaguemanager 2.6.2

kolja schleich leaguemanager 2.5

kolja schleich leaguemanager 3.3

kolja schleich leaguemanager 2.5.1

kolja schleich leaguemanager 1.0

kolja schleich leaguemanager 1.4.1

kolja schleich leaguemanager 1.2.1

kolja schleich leaguemanager 2.6

kolja schleich leaguemanager 3.6.4

kolja schleich leaguemanager 3.5.4

kolja schleich leaguemanager 3.3.1

kolja schleich leaguemanager 2.3

kolja schleich leaguemanager 3.6.3

kolja schleich leaguemanager 1.2

kolja schleich leaguemanager 2.7

kolja schleich leaguemanager 3.2.2

kolja schleich leaguemanager 2.3.1

kolja schleich leaguemanager 3.6.6

kolja schleich leaguemanager 1.4

kolja schleich leaguemanager 3.2.1

kolja schleich leaguemanager 3.1

kolja schleich leaguemanager 3.0

Exploits

#!/usr/bin/ruby
#
# Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection
# Google Dork: inurl:"/wp-content/plugins/leaguemanager/"
# Date: 13/03/13
# Exploit Author: Joshua Reynolds
# Vendor Homepage: wordpress.org/extend/plugins/leaguemanager/
# Software Link: downloads.wordpress.org/plugin/leaguemanager.3.8.zip
# Version ...

Mailing Lists

WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided ...

Github Repositories

arachne: framework for web testing on multiple runtimes

arachne is a small framework for creating scripts to scan, scrape, and play with the web on multiple runtimes.

Getting Started: arachne runs on Python 2.7. It is highly recommended you make a virtualenv for your arachne installation. Since arachne uses lxml.html, you need to have the libxml2 and libxslt packages. You will also need libevent to run gevent. On Windows,