Vulnerabilities > Wholehogsoftware > Password Protect
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-10 | CVE-2009-0461 | Improper Authentication vulnerability in Wholehogsoftware Password Protect 1.0 Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | 7.5 |
2009-02-10 | CVE-2009-0459 | SQL Injection vulnerability in Wholehogsoftware Password Protect 1.0 Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). | 7.5 |