Intrusion Prevention



This indicates an attack attempt to exploit a SQL Injection vulnerability in WordPress LeagueManager Plugin.
The vulnerability is caused by a lack of sanitizing of the "league_id" parameter that is passed to "admin.php". A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.

Affected Products

WordPress LeagueManager Plugin v3.8


Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

CVE References