Wholehogsoftware Password Protect vulnerabilities
2 known vulnerabilities affecting wholehogsoftware/password_protect.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2009-0461P3HIGHCVSS 7.5PoCv1.02009-02-10
CVE-2009-0461 [HIGH] CWE-287 CVE-2009-0461: Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
nvd
CVE-2009-0459P3HIGHCVSS 7.5PoCv1.02009-02-10
CVE-2009-0459 [HIGH] CWE-89 CVE-2009-0459: Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enha
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
nvd