6 matches found
CVE-2009-0460
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie...
CVE-2009-0458
Multiple SQL injection vulnerabilities in admin/loginsubmit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via 1 the uid parameter aka Username field or 2 the pwd parameter aka Password field. NOTE: some of these details are obtained from third party...
Sql injection
Multiple SQL injection vulnerabilities in admin/loginsubmit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via 1 the uid parameter aka Username field or 2 the pwd parameter aka Password field. NOTE: some of these details are obtained from third party...
CVE-2009-0460
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie...
CVE-2009-0458
CVE-2009-0458 affects Whole Hog Ware Support 1.x. The admin/login_submit.php script exposes SQL injection via the uid (Username) and pwd (Password) fields, enabling remote attackers to execute arbitrary SQL commands. The NVD entry lists a high impact with a CVSS v2 base score of 7.5 (Network atta...
CVE-2009-0460
CVE-2009-0460 affects Whole Hog Ware Support 1.x. The vulnerability allows remote attackers to bypass authentication and obtain administrative access by manipulating an integer value in the adminid cookie. The root cause is improper validation of the adminid cookie, enabling privilege escalation ...