SQL Injection in Maxdev Cwguestbook

CVE-2009-2307

SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.

Vulnerability class: SQL Injection

EPSS: 0.009 (56.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References