Vulnerabilities > Maxdev > MD PRO > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-07-02 | CVE-2009-2307 | SQL Injection vulnerability in Maxdev Cwguestbook SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | 7.5 |
| 2009-02-24 | CVE-2009-0728 | SQL Injection vulnerability in Maxdev MY Egallery SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. | 7.5 |
| 2005-09-14 | CVE-2005-2885 | Remote File Upload vulnerability in Maxdev Md-Pro 1.0.73 The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | 7.5 |