CVE-2009-0461

Whole Hog Password Protect: Enhanced 1.x - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-0461. PoCs published by Stack.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in WholeHogSoftware Ware Support, allowing an attacker to set an admin cookie via JavaScript to bypass authentication.

Description

Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stack · textwebappsphp
https://www.exploit-db.com/exploits/7951

This exploit demonstrates an insecure cookie handling vulnerability in WholeHogSoftware Ware Support, allowing an attacker to set an admin cookie via JavaScript to bypass authentication.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WholeHogSoftware Ware Support
No auth needed
Prerequisites: Access to the target application's login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Stack · textwebappsphp
https://www.exploit-db.com/exploits/7952

This exploit demonstrates an insecure cookie handling vulnerability in WholeHogSoftware's Password Protect script. By setting the 'adminid' cookie to '8', an attacker can bypass authentication and gain admin access.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WholeHogSoftware Password Protect (version not specified)
No auth needed
Prerequisites: Victim must visit a malicious link or have JavaScript executed in their browser context
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33577
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33777
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51734
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7952

Scores

EPSS 0.0283
EPSS Percentile 84.7%

Details

CWE
CWE-287
Status published
Products (1)
wholehogsoftware/password_protect 1.0
Published Feb 10, 2009
Tracked Since Feb 18, 2026