42 matches found
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
General Electric D20 Password Recovery
The General Electric D20ME and possibly other units D200? feature TFTP readable configurations with plaintext passwords. This module retrieves the username, password, and authentication level list. This module requires Metasploit: https://metasploit.com/download Current source:...