SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.
CPE | Name | Operator | Version |
---|---|---|---|
cwguestbook | le | 2.1 |