cve/2013/CVE-2013-1852.md

CVE-2013-1852

Description

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

POC

Reference

• http://packetstormsecurity.com/files/120817/WordPress-LeagueManager-3.8-SQL-Injection.html

Github

• https://github.com/20142995/nuclei-templates
• https://github.com/gzzo/arachne