JoomSport <= 3.3 – SQL Injection | CVE 2019-14348

Affects Plugins

joomsport-sports-league-results-management

Fixed in 3.4

References

CVE

CVE-2019-14348

Exploitdb

47210

URL

https://hackpuntes.com/cve-2019-14348-joomsport-for-sports-sql-injection/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Original Researcher

Pablo Santiago

Verified

No

WPVDB ID

20518ecd-2b14-46d2-af35-5f2a5eb0449c

Timeline

Publicly Published

2019-08-07 (about 4 years ago)

Added

2019-08-07 (about 4 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2024-05-14

Title

Alt Text AI – Automatically generate image alt text for SEO and accessibility < 1.5.0 - Authenticated (Subscriber+) SQL Injection

Published

2023-01-24

Title

LearnPress Plugin < 4.2.0 - Subscriber+ SQLi

Published

2022-12-12

Title

Quote-O-Matic <= 1.0.5 - Admin+ SQLi

Published

2023-12-28

Title

WS Form LITE < 1.9.171 - Authenticated(Administrator+) SQL Injection

Published

2017-07-03

Title

WatuPRO < 5.5.3.7 - SQL Injection