HotPlugCMS version 1.0 suffers from a SQL injection vulnerability.
861e6d9e0d569bf03eac7c8be7aa13c259242c0bf95782bb60d6320bb794d868
HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.
Typical, very simple SQL Injection.
peda