CVE-2013-1852

Currently unrated

Key Information:

Vendor: Wordpress
Status: Leaguemanager
Vendor: CVE Published:; 5 February 2014

Summary

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

References

http://www.exploit-db.com/exploits/24789

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/120817/WordPress-Lea...

x_refsource_MISC

http://wordpress.org/plugins/leaguemanager/changelog

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 5, 2014
Vulnerability Reserved
Feb 19, 2013