CVE-2013-1852

LeagueManager < 3.8.1 - SQL Injection via league_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1852. PoCs published by Joshua Reynolds.

AI-analyzed exploit summary This Ruby script exploits an SQL injection vulnerability in WordPress LeagueManager Plugin v3.8 via the league_id parameter, allowing unauthenticated extraction of administrator usernames and password hashes.

Description

SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC

by Joshua Reynolds · rubywebappsphp

https://www.exploit-db.com/exploits/24789

View Code ZIP pw:eip

This Ruby script exploits an SQL injection vulnerability in WordPress LeagueManager Plugin v3.8 via the league_id parameter, allowing unauthenticated extraction of administrator usernames and password hashes.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress LeagueManager Plugin v3.8

No auth needed

Prerequisites: Target must have WordPress LeagueManager Plugin v3.8 installed · Target must be accessible via HTTP/HTTPS

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/24789

Exploit x_refsource_misc

http://packetstormsecurity.com/files/120817/WordPress-LeagueManager-3.8-SQL-Injection.html

Product x_refsource_confirm

http://wordpress.org/plugins/leaguemanager/changelog

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/91442

Scores

EPSS 0.0523

EPSS Percentile 91.4%

Details

CWE

CWE-89

Status published

Products (47)

kolja_schleich/leaguemanager 1.0

kolja_schleich/leaguemanager 1.1

kolja_schleich/leaguemanager 1.2

kolja_schleich/leaguemanager 1.2.1

kolja_schleich/leaguemanager 1.2.2

kolja_schleich/leaguemanager 1.3

kolja_schleich/leaguemanager 1.4

kolja_schleich/leaguemanager 1.4.1

kolja_schleich/leaguemanager 1.4.2

kolja_schleich/leaguemanager 1.5

... and 37 more

Published Feb 05, 2014

Tracked Since Feb 18, 2026