CVE-2009-0459

Name of the Vulnerable Software and Affected Versions Whole Hog Password Protect: Enhanced versions 1.x

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the uid parameter (also known as the Username field) or the pwd parameter (also known as the Password field) in the admin/login submit.php file.

Recommendations For Whole Hog Password Protect: Enhanced version 1.x, consider restricting access to the admin/login submit.php file until a fix is available, and avoid using the uid and pwd parameters in this context to minimize the risk of exploitation.