2 matches found
CVE-2007-3938
SQL injection vulnerability in index.php in MAXdev MDPro MD-Pro 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676...
CVE-2007-3938
The CVE-2007-3938 entry concerns MAXdev MDPro (MD-Pro) prior to version 1.0.8x (before 20070720) where the index.php topicid parameter in the Topics module is not properly sanitized. The flaw allows an unauthenticated remote attacker to influence SQL queries executed by topics_userapi.php, potent...