King-Lion

**Name of the Vulnerable Software and Affected Versions** PHPFootball versions 1.6 and earlier **Description** The issue allows remote attackers to retrieve password hashes by sending a request with specific parameters. This is achieved by setting the `dbtable` parameter to 'Accounts' and the `dbfield` parameter to 'Password'. Some sources have reported this as a SQL injection issue, but the accuracy of this classification is uncertain. **Recommendations** For PHPFootball versions 1.6 and earlier, as a temporary workaround, consider restricting access to the filter.php file until a patch is available. Avoid using the `dbtable` and `dbfield` parameters in the filter.php file with sensitive values like 'Accounts' and 'Password' until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.