HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent is very easy with ' OR 1=1 /* and a SQL-inject will bypass the entire authentication process.
Typical, very simple SQL Injection.
peda