SQL Injection in Maxdev Cwguestbook
CVE-2009-2307
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.
Vulnerability class: SQL Injection
EPSS: 0.009 (56.1th percentile)
Affected products
- Maxdev Cwguestbook
- Maxdev Md-pro
Weakness classification (CWE)
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)