CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-0728

SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/33871
https://www.exploit-db.com/exploits/8100
http://www.securityfocus.com/bid/33871
https://www.exploit-db.com/exploits/8100

Products affected by CVE-2009-0728

Maxdev » Md-Pro » Version: Any

cpe:2.3:a:maxdev:md-pro:*
Maxdev » My Egallery » Version: N/A

cpe:2.3:a:maxdev:my_egallery:-
Postnuke » Postnuke » Version: 0.750

cpe:2.3:a:postnuke:postnuke:0.750
Postnuke » Postnuke » Version: 0.760

cpe:2.3:a:postnuke:postnuke:0.760

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0728

Products

Pricing

Contact Us