Vulnerabilities > Maxdev > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-24 | CVE-2008-7038 | SQL Injection vulnerability in Maxdev MY Egallery SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. | 7.5 |
| 2009-07-27 | CVE-2009-2618 | SQL Injection vulnerability in Maxdev Mdpro 1.083 SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | 7.5 |
| 2009-07-02 | CVE-2009-2307 | SQL Injection vulnerability in Maxdev Cwguestbook SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | 7.5 |
| 2009-02-24 | CVE-2009-0728 | SQL Injection vulnerability in Maxdev MY Egallery SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. | 7.5 |
| 2007-01-31 | CVE-2007-0623 | SQL Injection vulnerability in Maxdev Mdpro 1.0.76 SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | 7.5 |
| 2005-09-14 | CVE-2005-2885 | Remote File Upload vulnerability in Maxdev Md-Pro 1.0.73 The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | 7.5 |