hotplugCMS.txt

2006-06-25T00:00:00
ID PACKETSTORM:47618
Type packetstorm
Reporter peda
Modified 2006-06-25T00:00:00

Description

                                        
HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
which is an SQL injection that bypasses the entire authentication process.
  
Typical, very simple SQL Injection.  
  
peda  
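The following is an added example, not HotPlugCMS code and not part of the original advisory. It shows why a login check built by string concatenation accepts the input quoted above, next to the same check with bound parameters. The table layout, function names, sample account and the use of SQLite are assumptions made for illustration.

```python
import hashlib
import sqlite3

PAYLOAD = "' OR 1=1 /*"  # the login input quoted in the advisory
# Fixed salt keeps the demo short; real systems use a per-user random salt.
APP_SALT = b"constructed-demo-salt"


def pw_hash(password: str) -> str:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), APP_SALT, 100_000)
    return digest.hex()


def make_db() -> sqlite3.Connection:
    # Constructed sample data; the schema is hypothetical, not HotPlugCMS's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, pw TEXT NOT NULL)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Input is pasted into the statement text. A quote in `username` closes
    # the string literal, `OR 1=1` makes the WHERE clause always true, and
    # `/*` comments out the password comparison that follows.
    sql = ("SELECT 1 FROM admins WHERE username = '" + username +
           "' AND pw = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None


def login_hardened(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Bound parameters: the input is only ever compared as a value and can
    # never change the structure of the statement.
    sql = "SELECT 1 FROM admins WHERE username = ? AND pw = ?"
    return db.execute(sql, (username, pw_hash(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, advisory input:", login_vulnerable(db, PAYLOAD, "x"))
    print("hardened, advisory input:  ", login_hardened(db, PAYLOAD, "x"))
    print("hardened, valid login:     ", login_hardened(db, "admin", "correct horse"))
```

With bound parameters the quoted input is treated as a literal username that matches no row, so the login is refused while valid credentials still work.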