CVE-2019-14348

Name of the Vulnerable Software and Affected Versions BearDev JoomSport plugin version 3.3

Description The issue allows SQL injection, which can be used to steal, modify, or delete database information. This is achieved via the joomsport season/new-yorkers/?action=playerlist API endpoint, specifically through the sid parameter.

Recommendations For BearDev JoomSport plugin version 3.3, consider restricting access to the joomsport season/new-yorkers/?action=playerlist API endpoint to minimize the risk of exploitation. Avoid using the sid parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.