HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent

is very easy with

' OR 1=1 /*

and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda

[ reply ]