2 matches found
CVE-2009-0458
CVE-2009-0458 affects Whole Hog Ware Support 1.x. The admin/login_submit.php script exposes SQL injection via the uid (Username) and pwd (Password) fields, enabling remote attackers to execute arbitrary SQL commands. The NVD entry lists a high impact with a CVSS v2 base score of 7.5 (Network atta...
CVE-2009-0460
CVE-2009-0460 affects Whole Hog Ware Support 1.x. The vulnerability allows remote attackers to bypass authentication and obtain administrative access by manipulating an integer value in the adminid cookie. The root cause is improper validation of the adminid cookie, enabling privilege escalation ...