An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.Referenceshttps://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/
