CVE-2013-1852

Kolja Schleich Leaguemanager < 3.8 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC
by Joshua Reynolds · rubywebappsphp
https://www.exploit-db.com/exploits/24789

References (4)

Scores

EPSS 0.0081
EPSS Percentile 74.4%

Details

CWE
CWE-89
Status published
Products (47)
kolja_schleich/leaguemanager 1.0
kolja_schleich/leaguemanager 1.1
kolja_schleich/leaguemanager 1.2
kolja_schleich/leaguemanager 1.2.1
kolja_schleich/leaguemanager 1.2.2
kolja_schleich/leaguemanager 1.3
kolja_schleich/leaguemanager 1.4
kolja_schleich/leaguemanager 1.4.1
kolja_schleich/leaguemanager 1.4.2
kolja_schleich/leaguemanager 1.5
... and 37 more
Published Feb 05, 2014
Tracked Since Feb 18, 2026