Vulnerability Report

CVE-2026-42647

Title: JoomSport Blind SQL Injection

SQLi

Proof Of Concept

PoC Available for CVE-2026-42647

CWE Category CWE-89

Published Date Jun 11, 2026

Modified Date Jun 12, 2026

Exploit Status Available

Score 9.3 CVSS v3.1

Exploit Probability (EPSS)

1.30%

Vulnerability Summary

CVE-2026-42647: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7.

Impacted Vendors

Analysis in Progress...

Reference Links

https://patchstack.com/database/wordpress/plugin/joomsport-sports-league-results-management/vulnerability/wordpress-joomsport-plugin-5-7-7-sql-injection-vulnerability?_s_id=cve

CVSS v3.1

Source Entity [email protected]

Severity CRITICAL

9.3

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-42647 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/rootdirective-sec/CVE-2026-42647-Lab

View Code

June 12, 2026 MODIFIED

Vulnerability data updated via NVD.

June 11, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Affected Stack

No specific products linked.