CVE-2009-0458

Name of the Vulnerable Software and Affected Versions Whole Hog Ware Support versions 1.x

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the uid parameter (also known as the Username field) or the pwd parameter (also known as the Password field) in the admin/login submit.php file.

Recommendations For Whole Hog Ware Support version 1.x, consider restricting access to the admin/login submit.php file until a fix is available. As a temporary workaround, avoid using the uid and pwd parameters in the affected file to minimize the risk of exploitation.