
HotPlugCMS_1.0 - SQL Injection Vulnerability



HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent is very easy with

' OR 1=1 /*

and the SQL injection will bypass the entire authentication process.

Typical, very simple SQL injection.

peda
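
The bypass described above, as an added example (not part of the original advisory and not HotPlugCMS code): a login check that builds its query by string concatenation, next to a parameterized one, both run against the reported input. The table, column names and stored value are constructed, and SQLite stands in for the CMS's database, which the advisory does not name.

```python
import sqlite3


def make_db():
    # Constructed schema and account; the CMS's real table layout
    # is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-hash-value')")
    return db


def login_concatenated(db, username, password_hash):
    # Vulnerable pattern: the field values become part of the SQL text,
    # so a quote in the input ends the string literal and the rest of
    # the input is parsed as SQL.
    sql = (
        "SELECT username FROM admins WHERE username = '" + username +
        "' AND password_hash = '" + password_hash + "'"
    )
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password_hash):
    # Hardened pattern: placeholders keep the field values as data,
    # so quotes and comment markers are compared literally.
    sql = "SELECT username FROM admins WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    reported_input = "' OR 1=1 /*"  # the value quoted in the advisory
    for check in (login_concatenated, login_parameterized):
        accepted = check(db, reported_input, "anything")
        print(f"{check.__name__}: accepted={accepted}")
```

With the concatenated query the WHERE clause becomes `username = '' OR 1=1` and the password test is commented out, so every row matches; the parameterized query looks for a user literally named `' OR 1=1 /*` and finds none.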
