Active Directory Integration <= 1.1.8 - Authenticated SQL Injection

Type user acces: administrator user. Target need have configured ldap and active. Path Request: /wp-content/plugins/active-directory-integration/syncback.php Line : 135 $result = $ADI-bulksyncback $GET'userid' ; $GET‘userid’ is not escaped. Path Method:...