Vulnerabilities for 'Joomsport'

2021-07-06
 
CVE-2021-24384

CWE-502
 

 
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both authenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could provide one, which might lead to more severe issues such as RCE.

 
2019-08-05
 
CVE-2019-14348

CWE-89
 

 
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.

 


Copyright 2024, cxsecurity.com

 
