Wordpress LeagueManager Plugin Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with Wordpress LeagueManager Plugin and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

Solution

Update to version 3.8.1 or later, For updates refer to http://wordpress.org/support/plugin/leaguemanager

Insight

Multiple flaws due to, - Input passed via the 'league_id' POST parameter to wp-admin/admin.php is not properly sanitized before being returned to the user. - Not sufficiently verify authorization when accessing the CSV export functionality.

Affected

WordPress LeagueManager Plugin Version 3.8

References

http://1337day.com/exploit/20511
http://cxsecurity.com/issue/WLB-2013030138
http://osvdb.org/91442

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-1852
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Baby Gekko CMS Multiple Vulnerabilities
Arkeia Appliance Path Traversal Vulnerability
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Apple Safari RSS Feed Information Disclosure Vulnerability

Take action and discover your vulnerabilities