2 matches found
CVE-2009-0459
CVE-2009-0459 describes multiple SQL injection vulnerabilities in admin/login_submit.php of Whole Hog Password Protect: Enhanced 1.x . The flaws allow remote attackers to execute arbitrary SQL commands via the uid (Username) or pwd (Password) parameters. This is supported by the NVD entry and rel...
CVE-2009-0461
The vulnerability CVE-2009-0461 affects Whole Hog Password Protect: Enhanced 1.x. An integer value in the adminid cookie can bypass authentication, enabling remote attackers to obtain administrative access. This is the root cause and impact described across sources; no remediation or patched vers...