CVE-2013-1852

Published: 05/02/2014 Updated: 05/02/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin prior to 3.8.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

Vulnerable Product

kolja schleich leaguemanager

kolja schleich leaguemanager 3.7

kolja schleich leaguemanager 3.6.9

kolja schleich leaguemanager 3.5.2

kolja schleich leaguemanager 3.5.1

kolja schleich leaguemanager 3.5

kolja schleich leaguemanager 3.4.2

kolja schleich leaguemanager 3.1.7

kolja schleich leaguemanager 3.1.6

kolja schleich leaguemanager 3.1.5

kolja schleich leaguemanager 3.1.4

kolja schleich leaguemanager 2.9

kolja schleich leaguemanager 2.8

kolja schleich leaguemanager 2.7.1

kolja schleich leaguemanager 2.1

kolja schleich leaguemanager 2.0

kolja schleich leaguemanager 1.5

kolja schleich leaguemanager 1.4.2

kolja schleich leaguemanager 3.6.7

kolja schleich leaguemanager 3.6.5

kolja schleich leaguemanager 3.6

kolja schleich leaguemanager 3.5.5

kolja schleich leaguemanager 3.5.3

kolja schleich leaguemanager 3.4.1

kolja schleich leaguemanager 3.4

kolja schleich leaguemanager 3.2

kolja schleich leaguemanager 3.1.8

kolja schleich leaguemanager 3.1.3

kolja schleich leaguemanager 3.1.1

kolja schleich leaguemanager 3.0.4

kolja schleich leaguemanager 2.9.3

kolja schleich leaguemanager 2.9.1

kolja schleich leaguemanager 2.6.3

kolja schleich leaguemanager 2.6.1

kolja schleich leaguemanager 2.4.1

kolja schleich leaguemanager 2.3.1

kolja schleich leaguemanager 2.2

kolja schleich leaguemanager 1.4.1

kolja schleich leaguemanager 1.3

kolja schleich leaguemanager 3.6.4

kolja schleich leaguemanager 3.6.3

kolja schleich leaguemanager 3.6.2

kolja schleich leaguemanager 3.6.1

kolja schleich leaguemanager 3.3.1

kolja schleich leaguemanager 3.3

kolja schleich leaguemanager 3.2.2

kolja schleich leaguemanager 3.2.1

kolja schleich leaguemanager 3.0.3

kolja schleich leaguemanager 3.0.2

kolja schleich leaguemanager 3.0.1

kolja schleich leaguemanager 3.0

kolja schleich leaguemanager 2.6

kolja schleich leaguemanager 2.5.2

kolja schleich leaguemanager 2.5.1

kolja schleich leaguemanager 2.5

kolja schleich leaguemanager 1.2.1

kolja schleich leaguemanager 1.2

kolja schleich leaguemanager 1.1

kolja schleich leaguemanager 1.0

kolja schleich leaguemanager 3.6.8

kolja schleich leaguemanager 3.6.6

kolja schleich leaguemanager 3.5.6

kolja schleich leaguemanager 3.5.4

kolja schleich leaguemanager 3.1.9

kolja schleich leaguemanager 3.1.2

kolja schleich leaguemanager 3.1

kolja schleich leaguemanager 2.9.2

kolja schleich leaguemanager 2.7

kolja schleich leaguemanager 2.6.2

kolja schleich leaguemanager 2.4

kolja schleich leaguemanager 2.3

kolja schleich leaguemanager 1.4

kolja schleich leaguemanager 1.2.2

Exploits

#!/usr/bin/ruby
#
# Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection
# Google Dork: inurl:"/wp-content/plugins/leaguemanager/"
# Date: 13/03/13
# Exploit Author: Joshua Reynolds
# Vendor Homepage: wordpress.org/extend/plugins/leaguemanager/
# Software Link: downloads.wordpress.org/plugin/leaguemanager.3.8.zip
# Version ...

WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided ...

Github Repositories

framework for web testing on multiple runtimes

arachne

arachne is a small framework for creating scripts to scan, scrape, and play with the web on multiple runtimes.

Getting Started

arachne runs on Python 2.7. It is highly recommended you make a virtualenv for your arachne installation. Since arachne uses lxml.html, you need to have the libxml2 and libxslt packages. You will also need libevent to run gevent. On windows,