SQL Injection in Maxdev Md-pro
CVE-2009-0728
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
Vulnerability class: SQL Injection
EPSS: 0.009 (56.8th percentile)
Affected products
- Maxdev Md-pro
- Maxdev My_egallery
- Postnuke