Intrusion Prevention

WordPress.LeagueManager.Plugin.SQL.Injection

Description

This indicates an attack attempt to exploit a SQL Injection vulnerability in WordPress LeagueManager Plugin.
The vulnerability is caused by a lack of sanitizing of the "league_id" parameter that is passed to "admin.php". A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.

Affected Products

WordPress LeagueManager Plugin v3.8

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

CVE References

CVE-2013-1852