SQL Injection in Maxdev Md-pro

CVE-2009-0728

SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.

Vulnerability class: SQL Injection

EPSS: 0.009 (56.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References